diff options
Diffstat (limited to 'src/libffmpeg/libavcodec/flac.c')
| -rw-r--r-- | src/libffmpeg/libavcodec/flac.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libffmpeg/libavcodec/flac.c b/src/libffmpeg/libavcodec/flac.c index 6c64ad0a1..1016ed47f 100644 --- a/src/libffmpeg/libavcodec/flac.c +++ b/src/libffmpeg/libavcodec/flac.c @@ -225,6 +225,10 @@ static int decode_residuals(FLACContext *s, int channel, int pred_order) rice_order = get_bits(&s->gb, 4); samples= s->blocksize >> rice_order; + if (pred_order > samples) { + av_log(s->avctx, AV_LOG_ERROR, "invalid predictor order: %i > %i\n", pred_order, samples); + return -1; + } sample= i= pred_order; @@ -454,7 +458,7 @@ static inline int decode_subframe(FLACContext *s, int channel) return 0; } -static int decode_frame(FLACContext *s) +static int decode_frame(FLACContext *s, int alloc_data_size) { int blocksize_code, sample_rate_code, sample_size_code, assignment, i, crc8; int decorrelation, bps, blocksize, samplerate; @@ -516,6 +520,9 @@ static int decode_frame(FLACContext *s) return -1; } + if(blocksize * s->channels * sizeof(int16_t) > alloc_data_size) + return -1; + if (sample_rate_code == 0){ samplerate= s->samplerate; }else if ((sample_rate_code > 3) && (sample_rate_code < 12)) @@ -579,6 +586,9 @@ static int flac_decode_frame(AVCodecContext *avctx, FLACContext *s = avctx->priv_data; int tmp = 0, i, j = 0, input_buf_size = 0; int16_t *samples = data; + int alloc_data_size= *data_size; + + *data_size=0; if(s->max_framesize == 0){ s->max_framesize= 65536; // should hopefully be enough for the first header @@ -617,7 +627,7 @@ static int flac_decode_frame(AVCodecContext *avctx, goto end; // we may not have enough bits left to decode a frame, so try next time } skip_bits(&s->gb, 16); - if (decode_frame(s) < 0){ + if (decode_frame(s, alloc_data_size) < 0){ av_log(s->avctx, AV_LOG_ERROR, "decode_frame() failed\n"); s->bitstream_size=0; s->bitstream_index=0; |