# HG changeset patch # User michael # Date 1209848217 0 # Node ID 81ec037b6151b17cfa5b43bcea44fd7ca5b6ec0e # Parent 8d6c07df5afdefb9b7371bf400f2286b0f12d846 Fix memset(0) based buffer overflow. diff -r 8d6c07df5afd -r 81ec037b6151 alac.c --- a/alac.c Sat May 03 17:28:25 2008 +0000 +++ b/alac.c Sat May 03 20:56:57 2008 +0000 @@ -199,7 +199,8 @@ /* special case: there may be compressed blocks of 0 */ if ((history < 128) && (output_count+1 < output_size)) { - int block_size, k; + int k; + unsigned int block_size; sign_modifier = 1; @@ -208,6 +209,10 @@ block_size= decode_scalar(&alac->gb, k, rice_kmodifier, 16); if (block_size > 0) { + if(block_size >= output_size - output_count){ + av_log(alac->avctx, AV_LOG_ERROR, "invalid zero block size of %d %d %d\n", block_size, output_size, output_count); + block_size= output_size - output_count - 1; + } memset(&output_buffer[output_count+1], 0, block_size * 4); output_count += block_size; }
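Review bot: In the first hunk (alac.c, @@ -199,7 +199,8), the change of block_size from int to unsigned int carries part of the fix's safety argument and should have a short comment saying so. With the unsigned type, a decode_scalar() result that would be negative as an int compares as a very large value and is caught by the `block_size >= output_size - output_count` test added in the next hunk. The declarations of output_size and output_count are not visible in this patch, so please confirm that comparison behaves as intended for their types, and note in the comment that it relies on the enclosing `output_count+1 < output_size` guard to keep the right-hand side positive.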
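Review bot: In the second hunk (alac.c, @@ -208,6 +209,10), the av_log() call formats block_size with %d although the first hunk makes it unsigned int; use %u for that argument so an oversized value is not logged as a negative number. The clamp to `output_size - output_count - 1` keeps the memset inside the buffer, assuming output_size is the element count of output_buffer, and the outer `output_count+1 < output_size` check guarantees the clamped value is at least 1. Decoding then continues on a stream that was just reported at AV_LOG_ERROR, so consider returning an error here instead of carrying on with a truncated zero block. Separately, `block_size * 4` hard-codes the element size; `sizeof(*output_buffer)` would keep the byte count tied to the buffer's type.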