[Ffmpeg-cvslog] r8850 - trunk/libavcodec/dca.c
michael
subversion
Fri Apr 27 14:41:56 CEST 2007
Author: michael
Date: Fri Apr 27 14:41:55 2007
New Revision: 8850
Log:
fix exploitable buffer overflow
Modified:
trunk/libavcodec/dca.c
Modified: trunk/libavcodec/dca.c
==============================================================================
--- trunk/libavcodec/dca.c (original)
+++ trunk/libavcodec/dca.c Fri Apr 27 14:41:55 2007
@@ -1089,6 +1089,9 @@ static int dca_convert_bitstream(uint8_t
uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst;
PutBitContext pb;
+ if((unsigned)src_size > (unsigned)max_size)
+ return -1;
+
mrk = AV_RB32(src);
switch (mrk) {
case DCA_MARKER_RAW_BE:
More information about the ffmpeg-cvslog
mailing list