From 701966730ce10290fd49c5ccedd73f505680f764 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Wed, 29 May 2013 16:59:13 +0200 Subject: [PATCH] vmd: drop incomplete chunks and spurious samples Odd chunk size makes no sense for stereo and incomplete chunks are not supported. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/vmdav.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c index d7f43f04ce..3a0cbf9424 100644 --- a/libavcodec/vmdav.c +++ b/libavcodec/vmdav.c @@ -586,6 +586,9 @@ static int vmdaudio_decode_frame(AVCodecContext *avctx, void *data, /* ensure output buffer is large enough */ audio_chunks = buf_size / s->chunk_size; + /* drop incomplete chunks */ + buf_size = audio_chunks * s->chunk_size; + /* get output buffer */ frame->nb_samples = ((silent_chunks + audio_chunks) * avctx->block_align) / avctx->channels; @@ -598,7 +601,8 @@ static int vmdaudio_decode_frame(AVCodecContext *avctx, void *data, /* decode silent chunks */ if (silent_chunks > 0) { - int silent_size = avctx->block_align * silent_chunks; + int silent_size = FFMIN(avctx->block_align * silent_chunks, + frame->nb_samples * avctx->channels); if (s->out_bps == 2) { memset(output_samples_s16, 0x00, silent_size * 2); output_samples_s16 += silent_size; @@ -610,7 +614,7 @@ static int vmdaudio_decode_frame(AVCodecContext *avctx, void *data, /* decode audio chunks */ if (audio_chunks > 0) { - buf_end = buf + buf_size; + buf_end = buf + (buf_size & ~(avctx->channels > 1)); while (buf + s->chunk_size <= buf_end) { if (s->out_bps == 2) { decode_audio_s16(output_samples_s16, buf, s->chunk_size,