1
0
mirror of https://github.com/mpv-player/mpv synced 2024-12-28 01:52:19 +00:00

Fix buffer overflow bug by calculate the buffer size accurately.

git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@25670 b3059339-0415-0410-9bf9-f77b7e298cf2
This commit is contained in:
ulion 2008-01-11 10:15:46 +00:00
parent 989b1fe59b
commit 85941859b2

View File

@ -162,9 +162,26 @@ static af_data_t* play(struct af_instance_s* af, af_data_t* data)
af_data_t *l;
int len, left, outsize = 0, destsize;
char *buf, *src, *dest;
int max_output_len;
int frame_num = (data->len + s->pending_len) / s->expect_len;
if (AF_OK != RESIZE_LOCAL_BUFFER(af,data))
return NULL;
if (s->add_iec61937_header)
max_output_len = AC3_FRAME_SIZE * 2 * 2 * frame_num;
else
max_output_len = AC3_MAX_CODED_FRAME_SIZE * frame_num;
if (af->data->len < max_output_len) {
af_msg(AF_MSG_VERBOSE,"[libaf] Reallocating memory in module %s, "
"old len = %i, new len = %i\n", af->info->name, af->data->len,
max_output_len);
free(af->data->audio);
af->data->audio = malloc(max_output_len);
if (!af->data->audio) {
af_msg(AF_MSG_FATAL,"[libaf] Could not allocate memory \n");
return NULL;
}
af->data->len = max_output_len;
}
l = af->data; // Local data
buf = (char *)l->audio;