falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

alac: fix integer overflow leading to subsequent out of array accesses. 

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
tags/n1.1
Michael Niedermayer 12 years ago
parent
fd4f4923cc
commit
3920d13878
1 changed files with 5 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +5
    -1
      libavcodec/alac.c

+ 5
- 1
libavcodec/alac.c View File

@@ -542,7 +542,11 @@ static av_cold int alac_decode_close(AVCodecContext *avctx)
static int allocate_buffers(ALACContext *alac)
{
int ch;
int buf_size = alac->max_samples_per_frame * sizeof(int32_t);
int buf_size;

if (alac->max_samples_per_frame > INT_MAX / sizeof(int32_t))
goto buf_alloc_fail;
buf_size = alac->max_samples_per_frame * sizeof(int32_t);

for (ch = 0; ch < FFMIN(alac->channels, 2); ch++) {
FF_ALLOC_OR_GOTO(alac->avctx, alac->predict_error_buffer[ch],


Write Preview
Loading…
Cancel
Save