Mercurial > libavcodec.hg
comparison mpegaudiodec.c @ 3641:b325c92e7bed libavcodec
check the validity of the amount of the remaining bytes in the bitsteam before memcpy
| author | michael |
|---|---|
| date | Sun, 27 Aug 2006 07:19:11 +0000 |
| parents | c5dffafebdff |
| children | ae1dfbbb25bb |
comparison
equal
deleted
inserted
replaced
| 3640:c5dffafebdff | 3641:b325c92e7bed |
|---|---|
| 2520 if(s->in_gb.buffer) | 2520 if(s->in_gb.buffer) |
| 2521 s->gb= s->in_gb; | 2521 s->gb= s->in_gb; |
| 2522 align_get_bits(&s->gb); | 2522 align_get_bits(&s->gb); |
| 2523 assert((get_bits_count(&s->gb) & 7) == 0); | 2523 assert((get_bits_count(&s->gb) & 7) == 0); |
| 2524 s->last_buf_size= (s->gb.size_in_bits - get_bits_count(&s->gb))>>3; | 2524 s->last_buf_size= (s->gb.size_in_bits - get_bits_count(&s->gb))>>3; |
| 2525 memcpy(s->last_buf, s->gb.buffer + (get_bits_count(&s->gb)>>3), s->last_buf_size); | 2525 if(s->last_buf_size <0 || s->last_buf_size > BACKSTEP_SIZE || nb_frames<0) |
| 2526 s->last_buf_size= FFMIN(BACKSTEP_SIZE, buf_size - HEADER_SIZE); | |
| 2527 assert(s->last_buf_size <= buf_size - HEADER_SIZE); | |
| 2528 memcpy(s->last_buf, s->gb.buffer + buf_size - HEADER_SIZE - s->last_buf_size, s->last_buf_size); | |
| 2526 | 2529 |
| 2527 break; | 2530 break; |
| 2528 } | 2531 } |
| 2529 #if defined(DEBUG) | 2532 #if defined(DEBUG) |
| 2530 for(i=0;i<nb_frames;i++) { | 2533 for(i=0;i<nb_frames;i++) { |