Mercurial > mplayer.hg

changeset 25642:0c10c8859be8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix buffer overflow bug by calculate the buffer size accurately.
author ulion
date Fri, 11 Jan 2008 10:15:46 +0000
parents 58fd8ebcd6e3
children db59e83495e0
files libaf/af_lavcac3enc.c
diffstat 1 files changed, 19 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/libaf/af_lavcac3enc.c	Thu Jan 10 23:32:50 2008 +0000
+++ b/libaf/af_lavcac3enc.c	Fri Jan 11 10:15:46 2008 +0000
@@ -162,9 +162,26 @@
     af_data_t *l;
     int len, left, outsize = 0, destsize;
     char *buf, *src, *dest;
+    int max_output_len;
+    int frame_num = (data->len + s->pending_len) / s->expect_len;
 
-    if (AF_OK != RESIZE_LOCAL_BUFFER(af,data))
-        return NULL;
+    if (s->add_iec61937_header)
+        max_output_len = AC3_FRAME_SIZE * 2 * 2 * frame_num;
+    else
+        max_output_len = AC3_MAX_CODED_FRAME_SIZE * frame_num;
+
+    if (af->data->len < max_output_len) {
+        af_msg(AF_MSG_VERBOSE,"[libaf] Reallocating memory in module %s, "
+               "old len = %i, new len = %i\n", af->info->name, af->data->len,
+                max_output_len);
+        free(af->data->audio);
+        af->data->audio = malloc(max_output_len);
+        if (!af->data->audio) {
+            af_msg(AF_MSG_FATAL,"[libaf] Could not allocate memory \n");
+            return NULL;
+        }
+        af->data->len = max_output_len;
+    }
 
     l = af->data;           // Local data
     buf = (char *)l->audio;