From db6e337b41fce401e67daa2f05fbe0663f825240 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Sat, 19 Dec 2015 21:52:19 +0100 Subject: [PATCH] avcodec/s302menc: check if buf_size can actually be put into 16bit size This disallows creating unplayable audio. Signed-off-by: Paul B Mahol --- libavcodec/s302menc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/s302menc.c b/libavcodec/s302menc.c index 3706eba4e0..c703e9a305 100644 --- a/libavcodec/s302menc.c +++ b/libavcodec/s302menc.c @@ -78,6 +78,11 @@ static int s302m_encode2_frame(AVCodecContext *avctx, AVPacket *avpkt, uint8_t *o; PutBitContext pb; + if (buf_size - AES3_HEADER_LEN > UINT16_MAX) { + av_log(avctx, AV_LOG_ERROR, "number of samples in frame too big\n"); + return AVERROR(EINVAL); + } + if ((ret = ff_alloc_packet2(avctx, avpkt, buf_size, 0)) < 0) return ret;