From 42fe17a0187051fb9f981a067f31a78c185841a6 Mon Sep 17 00:00:00 2001 From: Vitor Sessak Date: Sun, 7 Sep 2008 20:21:15 +0000 Subject: [PATCH] Check output buffer size before decoding. Originally committed as revision 15257 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/mace.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/mace.c b/libavcodec/mace.c index 6e7a12812b..8651744726 100644 --- a/libavcodec/mace.c +++ b/libavcodec/mace.c @@ -235,6 +235,11 @@ static int mace3_decode_frame(AVCodecContext *avctx, MACEContext *ctx = avctx->priv_data; int i, j, k; + if (*data_size < 2 * 3 * buf_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer too small!\n"); + return -1; + } + for(i = 0; i < avctx->channels; i++) { int16_t *output = samples + i; @@ -266,6 +271,11 @@ static int mace6_decode_frame(AVCodecContext *avctx, MACEContext *ctx = avctx->priv_data; int i, j; + if (*data_size < 2 * 6 * buf_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer too small!\n"); + return -1; + } + for(i = 0; i < avctx->channels; i++) { int16_t *output = samples + i;