changeset 16965:d8755974657a

attempt to fix missing and/or broken boundary checks
author reimar
date Thu, 10 Nov 2005 20:41:11 +0000
parents ecf96c255294
children 46490266341d
files libmpcodecs/ad_dk3adpcm.c
diffstat 1 files changed, 6 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/libmpcodecs/ad_dk3adpcm.c	Thu Nov 10 20:38:05 2005 +0000
+++ b/libmpcodecs/ad_dk3adpcm.c	Thu Nov 10 20:41:11 2005 +0000
@@ -145,7 +145,7 @@
   sum_index = input[14];
   diff_index = input[15];
 
-  while (in_ptr < block_size)
+  while (in_ptr < block_size - !decode_top_nibble_next)
 //  while (in_ptr < 2048)
   {
     // process the first predictor of the sum channel
@@ -237,7 +237,11 @@
     sh_audio->ds->ss_mul) 
       return -1; /* EOF */
 
+  if (maxlen < 2 * 4 * sh_audio->wf->nBlockAlign * 2 / 3) {
+    mp_msg(MSGT_DECAUDIO, MSGL_V, "dk3adpcm: maxlen too small in decode_audio\n");
+    return -1;
+  }
   return 2 * dk3_adpcm_decode_block(
     (unsigned short*)buf, sh_audio->a_in_buffer,
-    sh_audio->wf->nBlockAlign);
+    sh_audio->ds->ss_mul);
 }