Mercurial > libavcodec.hg

changeset 12133:24649290a14f libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add some buffer checks
author skal
date Sun, 11 Jul 2010 06:59:21 +0000
parents 189c04335897
children cb3eb3a2fc96
files libvorbis.c
diffstat 1 files changed, 9 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/libvorbis.c	Sun Jul 11 06:40:05 2010 +0000
+++ b/libvorbis.c	Sun Jul 11 06:59:21 2010 +0000
@@ -172,6 +172,10 @@
              * not, apparently the end of stream decision is in libogg. */
             if(op.bytes==1 && op.e_o_s)
                 continue;
+            if (context->buffer_index + sizeof(ogg_packet) + op.bytes > BUFFER_SIZE) {
+                av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow.");
+                return -1;
+            }
             memcpy(context->buffer + context->buffer_index, &op, sizeof(ogg_packet));
             context->buffer_index += sizeof(ogg_packet);
             memcpy(context->buffer + context->buffer_index, op.packet, op.bytes);
@@ -189,6 +193,11 @@
         avccontext->coded_frame->pts= av_rescale_q(op2->granulepos, (AVRational){1, avccontext->sample_rate}, avccontext->time_base);
         //FIXME we should reorder the user supplied pts and not assume that they are spaced by 1/sample_rate
 
+        if (l > buf_size) {
+            av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow.");
+            return -1;
+        }
+
         memcpy(packets, op2->packet, l);
         context->buffer_index -= l + sizeof(ogg_packet);
         memmove(context->buffer, context->buffer + l + sizeof(ogg_packet), context->buffer_index);