Browse Source
pcmdec: fix output buffer size check by calculating the actual output size
prior to decoding.tags/n0.9
Justin Ruggles
13 years ago
1 changed files with 11 additions and 4 deletions
Unified View
Diff Options
-
+11 -4libavcodec/pcm.c
+ 11
- 4
libavcodec/pcm.c
View File
| @@ -250,7 +250,7 @@ static int pcm_decode_frame(AVCodecContext *avctx, | |||||
| const uint8_t *src = avpkt->data; | const uint8_t *src = avpkt->data; | ||||
| int buf_size = avpkt->size; | int buf_size = avpkt->size; | ||||
| PCMDecode *s = avctx->priv_data; | PCMDecode *s = avctx->priv_data; | ||||
| int sample_size, c, n; | |||||
| int sample_size, c, n, out_size; | |||||
| uint8_t *samples; | uint8_t *samples; | ||||
| int32_t *dst_int32_t; | int32_t *dst_int32_t; | ||||
| @@ -286,10 +286,17 @@ static int pcm_decode_frame(AVCodecContext *avctx, | |||||
| buf_size -= buf_size % n; | buf_size -= buf_size % n; | ||||
| } | } | ||||
| buf_size= FFMIN(buf_size, *data_size/2); | |||||
| n = buf_size/sample_size; | n = buf_size/sample_size; | ||||
| out_size = n * av_get_bytes_per_sample(avctx->sample_fmt); | |||||
| if (avctx->codec_id == CODEC_ID_PCM_DVD || | |||||
| avctx->codec_id == CODEC_ID_PCM_LXF) | |||||
| out_size *= 2; | |||||
| if (*data_size < out_size) { | |||||
| av_log(avctx, AV_LOG_ERROR, "output buffer too small\n"); | |||||
| return AVERROR(EINVAL); | |||||
| } | |||||
| switch(avctx->codec->id) { | switch(avctx->codec->id) { | ||||
| case CODEC_ID_PCM_U32LE: | case CODEC_ID_PCM_U32LE: | ||||
| DECODE(32, le32, src, samples, n, 0, 0x80000000) | DECODE(32, le32, src, samples, n, 0, 0x80000000) | ||||
| @@ -450,7 +457,7 @@ static int pcm_decode_frame(AVCodecContext *avctx, | |||||
| default: | default: | ||||
| return -1; | return -1; | ||||
| } | } | ||||
| *data_size = samples - (uint8_t *)data; | |||||
| *data_size = out_size; | |||||
| return buf_size; | return buf_size; | ||||
| } | } | ||||