mirror of https://git.ffmpeg.org/ffmpeg.git
qdm2: check output buffer size before decoding
This commit is contained in:
parent
5a19acb17c
commit
7d49f79f1c
|
@ -1960,13 +1960,20 @@ static int qdm2_decode_frame(AVCodecContext *avctx,
|
||||||
int buf_size = avpkt->size;
|
int buf_size = avpkt->size;
|
||||||
QDM2Context *s = avctx->priv_data;
|
QDM2Context *s = avctx->priv_data;
|
||||||
int16_t *out = data;
|
int16_t *out = data;
|
||||||
int i;
|
int i, out_size;
|
||||||
|
|
||||||
if(!buf)
|
if(!buf)
|
||||||
return 0;
|
return 0;
|
||||||
if(buf_size < s->checksum_size)
|
if(buf_size < s->checksum_size)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
out_size = 16 * s->channels * s->frame_size *
|
||||||
|
av_get_bytes_per_sample(avctx->sample_fmt);
|
||||||
|
if (*data_size < out_size) {
|
||||||
|
av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
|
||||||
|
return AVERROR(EINVAL);
|
||||||
|
}
|
||||||
|
|
||||||
av_log(avctx, AV_LOG_DEBUG, "decode(%d): %p[%d] -> %p[%d]\n",
|
av_log(avctx, AV_LOG_DEBUG, "decode(%d): %p[%d] -> %p[%d]\n",
|
||||||
buf_size, buf, s->checksum_size, data, *data_size);
|
buf_size, buf, s->checksum_size, data, *data_size);
|
||||||
|
|
||||||
|
@ -1976,7 +1983,7 @@ static int qdm2_decode_frame(AVCodecContext *avctx,
|
||||||
out += s->channels * s->frame_size;
|
out += s->channels * s->frame_size;
|
||||||
}
|
}
|
||||||
|
|
||||||
*data_size = (uint8_t*)out - (uint8_t*)data;
|
*data_size = out_size;
|
||||||
|
|
||||||
return s->checksum_size;
|
return s->checksum_size;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue