mirror of https://git.ffmpeg.org/ffmpeg.git
qdm2dec: fix buffer overflow.
Fixes NGS00144 Thanks to Phillip for suggestions to improve the patch. Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
919c00ba5a
commit
895d258e9b
|
@ -170,7 +170,7 @@ typedef struct {
|
||||||
/// I/O data
|
/// I/O data
|
||||||
const uint8_t *compressed_data;
|
const uint8_t *compressed_data;
|
||||||
int compressed_size;
|
int compressed_size;
|
||||||
float output_buffer[QDM2_MAX_FRAME_SIZE * 2];
|
float output_buffer[QDM2_MAX_FRAME_SIZE * MPA_MAX_CHANNELS * 2];
|
||||||
|
|
||||||
/// Synthesis filter
|
/// Synthesis filter
|
||||||
MPADSPContext mpadsp;
|
MPADSPContext mpadsp;
|
||||||
|
@ -1896,6 +1896,9 @@ static int qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out)
|
||||||
int ch, i;
|
int ch, i;
|
||||||
const int frame_size = (q->frame_size * q->channels);
|
const int frame_size = (q->frame_size * q->channels);
|
||||||
|
|
||||||
|
if((unsigned)frame_size > FF_ARRAY_ELEMS(q->output_buffer)/2)
|
||||||
|
return -1;
|
||||||
|
|
||||||
/* select input buffer */
|
/* select input buffer */
|
||||||
q->compressed_data = in;
|
q->compressed_data = in;
|
||||||
q->compressed_size = q->checksum_size;
|
q->compressed_size = q->checksum_size;
|
||||||
|
|
Loading…
Reference in New Issue