# HG changeset patch
# User alexc
# Date 1247094773 0
# Node ID a7b6bbf19002371e627967399e448a000b06d7ba
# Parent  580fad942ae6636027014e08c59d2fa592619055
Prevent AAC frame size overflows.

diff -r 580fad942ae6 -r a7b6bbf19002 aacenc.c
--- a/aacenc.c	Wed Jul 08 23:10:13 2009 +0000
+++ b/aacenc.c	Wed Jul 08 23:12:53 2009 +0000
@@ -540,6 +540,8 @@
         }
         start_ch += chans;
     }
+    do {
+        int frame_bits;
     init_put_bits(&s->pb, frame, buf_size*8);
     if ((avctx->frame_number & 0xFF)==1 && !(avctx->flags & CODEC_FLAG_BITEXACT))
         put_bitstream_info(avctx, s, LIBAVCODEC_IDENT);
@@ -586,6 +588,14 @@
         start_ch += chans;
     }
 
+        frame_bits = put_bits_count(&s->pb);
+        if (frame_bits <= 6144 * avctx->channels - 3)
+            break;
+
+        s->lambda *= avctx->bit_rate * 1024.0f / avctx->sample_rate / frame_bits;
+
+    } while (1);
+
     put_bits(&s->pb, 3, TYPE_END);
     flush_put_bits(&s->pb);
     avctx->frame_bits = put_bits_count(&s->pb);
@@ -597,10 +607,6 @@
         s->lambda = fminf(s->lambda, 65536.f);
     }
 
-    if (avctx->frame_bits > 6144*avctx->channels)
-        av_log(avctx, AV_LOG_ERROR, "input buffer violation %d > %d.\n",
-               avctx->frame_bits, 6144*avctx->channels);
-
     if (!data)
         s->last_frame = 1;
     memcpy(s->samples, s->samples + 1024 * avctx->channels,