# HG changeset patch
# User michael
# Date 1253705624 0
# Node ID 9335e435dde07fa31f47f17c12b2010b2cc8f5d5
# Parent  ccd7a1882c9232431818e143e116a8a9e8270d83
Check data_size in decode_frame_mp3on4().

diff -r ccd7a1882c92 -r 9335e435dde0 mpegaudiodec.c
--- a/mpegaudiodec.c	Wed Sep 23 11:29:38 2009 +0000
+++ b/mpegaudiodec.c	Wed Sep 23 11:33:44 2009 +0000
@@ -2466,6 +2466,9 @@
     OUT_INT *outptr, *bp;
     int fr, j, n;
 
+    if(*data_size < MPA_FRAME_SIZE * MPA_MAX_CHANNELS * s->frames * sizeof(OUT_INT))
+        return -1;
+
     *data_size = 0;
     // Discard too short frames
     if (buf_size < HEADER_SIZE)