# HG changeset patch
# User reimar
# Date 1214726931 0
# Node ID 680301b96149c987ba3f3394d521699d990c57bc
# Parent cd61e85bb6578dfd5b3ce111282580a869354b0d
Add a few size checks to IMA decoder. The code is still a mess though, but bug # 1114 is probably fixed.
diff -r cd61e85bb657 -r 680301b96149 libmpcodecs/ad_imaadpcm.c
--- a/libmpcodecs/ad_imaadpcm.c Sun Jun 29 07:55:44 2008 +0000
+++ b/libmpcodecs/ad_imaadpcm.c Sun Jun 29 08:08:51 2008 +0000
@@ -190,6 +190,10 @@
 int initial_index_r = 0;
 int i;
+ if (channels > 1) channels = 2;
+ if (block_size < channels * QT_IMA_ADPCM_BLOCK_SIZE)
+ return -1;
+
 initial_predictor_l = BE_16(&input[0]);
 initial_index_l = initial_predictor_l;
@@ -255,6 +259,10 @@
 int channel_index_l;
 int channel_index_r;
+ if (channels > 1) channels = 2;
+ if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels)
+ return -1;
+
 predictor_l = LE_16(&input[0]);
 SE_16BIT(predictor_l);
 index_l = input[2];
@@ -322,6 +330,10 @@
 int index_l = 0;
 int index_r = 0;
+ if (channels > 1) channels = 2;
+ if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels)
+ return -1;
+
 // the first predictor value goes straight to the output
 predictor_l = output[0] = LE_16(&input[0]);
 SE_16BIT(predictor_l);
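Review bot: The clamp `if (channels > 1) channels = 2;` in the hunk at `@@ -190,6 +190,10 @@` bounds the channel count only from above, so a zero or negative value (the count presumably comes from the container header) makes `channels * QT_IMA_ADPCM_BLOCK_SIZE` non-positive and the new size check passes even for an empty block, after which `BE_16(&input[0])` still reads the preamble. Rejecting the low side first closes that gap, e.g. `if (channels < 1) return -1;` ahead of the clamp. The same guard in the hunks at `@@ -255,6 +259,10 @@` and `@@ -322,6 +330,10 @@` has the same gap. The declarations of `channels` and `block_size` and the rest of each function are outside the hunks, so their signedness is assumed here.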
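Review bot: The clamp `if (channels > 1) channels = 2;` at `@@ -255,6 +259,10 @@` silently decodes any wider layout as stereo, and the new `return -1;` adds an error result; neither is documented where it is introduced. A comment above the guard such as `/* only mono and stereo are decoded; reject blocks too short to hold the per-channel preamble */` would state the intent, and the function's header comment should say that a negative return means the block was rejected. How callers treat the return value is outside the hunk, so it is worth confirming that none of them uses it as a sample count without checking the sign.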
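Review bot: The guard at `@@ -322,6 +330,10 @@` is sized with `MS_IMA_ADPCM_PREAMBLE_SIZE`, yet the code that follows (`predictor_l = output[0] = LE_16(&input[0]);`) treats the preamble differently from the block in the previous hunk, which suggests a separate decoder variant. If both formats share the same per-channel preamble length by design, a short comment such as `/* preamble has the same per-channel size as MS IMA */` would keep a later reader from taking the constant for a copy-paste slip. The enclosing function begins and continues outside the hunk, so this is inferred from the visible lines only.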