# HG changeset patch
# User michael
# Date 1209848507 0
# Node ID 25c5f3b5e902316468c032d6ab417329dcf8558e
# Parent 81ec037b6151b17cfa5b43bcea44fd7ca5b6ec0e
Heap buffer overflow.
diff -r 81ec037b6151 -r 25c5f3b5e902 alac.c
--- a/alac.c Sat May 03 20:56:57 2008 +0000
+++ b/alac.c Sat May 03 21:01:47 2008 +0000
@@ -405,7 +405,7 @@
 ALACContext *alac = avctx->priv_data;
 int channels;
- int32_t outputsamples;
+ unsigned int outputsamples;
 int hassize;
 int readsamplesize;
 int wasted_bytes;
@@ -458,6 +458,10 @@
 if (hassize) {
 /* now read the number of samples as a 32bit integer */
 outputsamples = get_bits(&alac->gb, 32);
+ if(outputsamples > alac->setinfo_max_samples_per_frame){
+ av_log(avctx, AV_LOG_ERROR, "outputsamples %d > %d\n", outputsamples, alac->setinfo_max_samples_per_frame);
+ return -1;
+ }
 } else
 outputsamples = alac->setinfo_max_samples_per_frame;
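Review bot: The added `av_log` call in the second hunk formats `outputsamples` with `%d`, although the first hunk declares it `unsigned int`, so the oversized values this check exists to reject (anything above INT_MAX read from the 32-bit field) are logged as negative numbers. `"outputsamples %u > %u\n"` would match the declared type, assuming `setinfo_max_samples_per_frame` is also unsigned, which the hunk does not show. The check is only sound if every buffer indexed by `outputsamples` was sized from `setinfo_max_samples_per_frame`; that allocation is outside the hunk and should be confirmed. A short comment above the check, e.g. `/* decode buffers hold at most setinfo_max_samples_per_frame samples */`, would record that invariant. The enclosing decode function starts and ends outside both hunks.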