Mercurial > libavcodec.hg

comparison alac.c @ 6743:25c5f3b5e902 libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Heap buffer overflow.
author michael
date Sat, 03 May 2008 21:01:47 +0000
parents 81ec037b6151
children cb04861f9e45
comparison
equal deleted inserted replaced
6742:81ec037b6151 6743:25c5f3b5e902
403 const uint8_t *inbuffer, int input_buffer_size) 403 const uint8_t *inbuffer, int input_buffer_size)
404 { 404 {
405 ALACContext *alac = avctx->priv_data; 405 ALACContext *alac = avctx->priv_data;
406 406
407 int channels; 407 int channels;
408 int32_t outputsamples; 408 unsigned int outputsamples;
409 int hassize; 409 int hassize;
410 int readsamplesize; 410 int readsamplesize;
411 int wasted_bytes; 411 int wasted_bytes;
412 int isnotcompressed; 412 int isnotcompressed;
413 uint8_t interlacing_shift; 413 uint8_t interlacing_shift;
456 isnotcompressed = get_bits1(&alac->gb); 456 isnotcompressed = get_bits1(&alac->gb);
457 457
458 if (hassize) { 458 if (hassize) {
459 /* now read the number of samples as a 32bit integer */ 459 /* now read the number of samples as a 32bit integer */
460 outputsamples = get_bits(&alac->gb, 32); 460 outputsamples = get_bits(&alac->gb, 32);
461 if(outputsamples > alac->setinfo_max_samples_per_frame){
462 av_log(avctx, AV_LOG_ERROR, "outputsamples %d > %d\n", outputsamples, alac->setinfo_max_samples_per_frame);
463 return -1;
464 }
461 } else 465 } else
462 outputsamples = alac->setinfo_max_samples_per_frame; 466 outputsamples = alac->setinfo_max_samples_per_frame;
463 467
464 *outputsize = outputsamples * alac->bytespersample; 468 *outputsize = outputsamples * alac->bytespersample;
465 readsamplesize = alac->setinfo_sample_size - (wasted_bytes * 8) + channels - 1; 469 readsamplesize = alac->setinfo_sample_size - (wasted_bytes * 8) + channels - 1;