# HG changeset patch
# User vitor
# Date 1220818875 0
# Node ID a16406b793a510fface4da29294c726838bc7722
# Parent  09291b11569510c2f30d304767d0917897adf4ca
Check output buffer size before decoding.

diff -r 09291b115695 -r a16406b793a5 mace.c
--- a/mace.c	Sun Sep 07 20:18:18 2008 +0000
+++ b/mace.c	Sun Sep 07 20:21:15 2008 +0000
@@ -235,6 +235,11 @@
     MACEContext *ctx = avctx->priv_data;
     int i, j, k;
 
+    if (*data_size < 2 * 3 * buf_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer too small!\n");
+        return -1;
+    }
+
     for(i = 0; i < avctx->channels; i++) {
         int16_t *output = samples + i;
 
@@ -266,6 +271,11 @@
     MACEContext *ctx = avctx->priv_data;
     int i, j;
 
+    if (*data_size < 2 * 6 * buf_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer too small!\n");
+        return -1;
+    }
+
     for(i = 0; i < avctx->channels; i++) {
         int16_t *output = samples + i;