falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

dpcm: Round output buffer size up. 

Fixes: CVE-2011-3951

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
tags/n0.10
Michael Niedermayer 13 years ago
parent
ddf0c1d86a
commit
92115bb685
1 changed files with 4 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -1
      libavcodec/dpcm.c

+ 4
- 1
libavcodec/dpcm.c View File

@@ -205,9 +205,12 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data,
av_log(avctx, AV_LOG_ERROR, "packet is too small\n");
return AVERROR(EINVAL);
}
if (out % s->channels) {
av_log(avctx, AV_LOG_WARNING, "channels have differing number of samples\n");
}

/* get output buffer */
s->frame.nb_samples = out / s->channels;
s->frame.nb_samples = (out + s->channels - 1) / s->channels;
if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) {
av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
return ret;


Write Preview
Loading…
Cancel
Save