Mercurial > libavcodec.hg
changeset 6742:81ec037b6151 libavcodec
Fix memset(0) based buffer overflow.
author | michael |
---|---|
date | Sat, 03 May 2008 20:56:57 +0000 |
parents | 8d6c07df5afd |
children | 25c5f3b5e902 |
files | alac.c |
diffstat | 1 files changed, 6 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/alac.c Sat May 03 17:28:25 2008 +0000 +++ b/alac.c Sat May 03 20:56:57 2008 +0000 @@ -199,7 +199,8 @@ /* special case: there may be compressed blocks of 0 */ if ((history < 128) && (output_count+1 < output_size)) { - int block_size, k; + int k; + unsigned int block_size; sign_modifier = 1; @@ -208,6 +209,10 @@ block_size= decode_scalar(&alac->gb, k, rice_kmodifier, 16); if (block_size > 0) { + if(block_size >= output_size - output_count){ + av_log(alac->avctx, AV_LOG_ERROR, "invalid zero block size of %d %d %d\n", block_size, output_size, output_count); + block_size= output_size - output_count - 1; + } memset(&output_buffer[output_count+1], 0, block_size * 4); output_count += block_size; }