From 4783cf0d09ce472a4724d9cd509565e9c283418f Mon Sep 17 00:00:00 2001
From: Kostya Shishkov
Date: Mon, 24 Sep 2007 03:32:24 +0000
Subject: [PATCH] Do not try to decode more data than output buffer may hold

Originally committed as revision 10560 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/adx.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/adx.c b/libavcodec/adx.c
index 593c19de65..2b44b89f98 100644
--- a/libavcodec/adx.c
+++ b/libavcodec/adx.c
@@ -328,6 +328,11 @@ static int adx_decode_frame(AVCodecContext *avctx,
 rest -= hdrsize;
 }
 
+ /* 18 bytes of data are expanded into 32*2 bytes of audio,
+ so guard against buffer overflows */
+ if(rest/18 > *data_size/64)
+ rest = (*data_size/64) * 18;
+
 if (c->in_temp) {
 int copysize = 18*avctx->channels - c->in_temp;
 memcpy(c->dec_temp+c->in_temp,buf,copysize);
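Review bot: The new clamp on `rest` is computed before the `if (c->in_temp)` branch, and the visible lines of that branch copy `copysize` bytes from `buf` without comparing `copysize` against the reduced `rest`. If that branch also decodes the completed block into the output (its body and the rest of adx_decode_frame lie outside the hunk, so this is inferred), that block is not counted in the `*data_size/64` budget. When `*data_size` is below 64 the clamp sets `rest` to 0, yet the branch would still run and `rest` could then go negative. I would reject an output buffer that cannot hold one full block before any decoding, for example a guard on `*data_size < 64*avctx->channels`, and subtract the pending block from the budget when `c->in_temp` is set. The comment should also say that the 18-to-64 byte ratio is per channel, and that input beyond the clamped `rest` is silently left undecoded.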