# HG changeset patch
# User michael
# Date 1215805552 0
# Node ID d90bc6cc1bfdb2184a0bac77d8edc274be2e7fa9
# Parent  239031d2061791c6dd705d071b2b0e1c71ce0af1
Check that we have enough output space available.

diff -r 239031d20617 -r d90bc6cc1bfd wmadec.c
--- a/wmadec.c	Fri Jul 11 15:25:12 2008 +0000
+++ b/wmadec.c	Fri Jul 11 19:45:52 2008 +0000
@@ -781,6 +781,11 @@
         skip_bits(&s->gb, 4); /* super frame index */
         nb_frames = get_bits(&s->gb, 4) - 1;
 
+        if((nb_frames+1) * s->nb_channels * s->frame_len * sizeof(int16_t) > *data_size){
+            av_log(s->avctx, AV_LOG_ERROR, "Insufficient output space\n");
+            goto fail;
+        }
+
         bit_offset = get_bits(&s->gb, s->byte_offset_bits + 3);
 
         if (s->last_superframe_len > 0) {
@@ -836,6 +841,10 @@
         s->last_superframe_len = len;
         memcpy(s->last_superframe, buf + pos, len);
     } else {
+        if(s->nb_channels * s->frame_len * sizeof(int16_t) > *data_size){
+            av_log(s->avctx, AV_LOG_ERROR, "Insufficient output space\n");
+            goto fail;
+        }
         /* single frame decode */
         if (wma_decode_frame(s, samples) < 0)
             goto fail;