RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

qdm2dec: fix buffer overflow. 

Fixes NGS00144

Thanks to Phillip for suggestions to improve the patch.
Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2011-11-18 17:48:31 +01:00
parent 919c00ba5a
commit 895d258e9b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/qdm2.c
View File

@ -170,7 +170,7 @@ typedef struct {
/// I/O data
const uint8_t *compressed_data;
int compressed_size;
float output_buffer[QDM2_MAX_FRAME_SIZE * 2];
float output_buffer[QDM2_MAX_FRAME_SIZE * MPA_MAX_CHANNELS * 2];
/// Synthesis filter
MPADSPContext mpadsp;
@ -1896,6 +1896,9 @@ static int qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out)
int ch, i;
const int frame_size = (q->frame_size * q->channels);
if((unsigned)frame_size > FF_ARRAY_ELEMS(q->output_buffer)/2)
return -1;
/* select input buffer */
q->compressed_data = in;
q->compressed_size = q->checksum_size;