[FFmpeg-cvslog] apedec: use unsigned int for 'nblocks' and make sure that it' s within int range

Justin Ruggles git at videolan.org
Fri Nov 4 13:22:24 CET 2011


ffmpeg | branch: release/0.8 | Justin Ruggles <justin.ruggles at gmail.com> | Tue Oct 11 13:17:44 2011 -0400| [998fc04bcfeeaa2b0885ee84e37bcd345797981a] | committer: Michael Niedermayer

apedec: use unsigned int for 'nblocks' and make sure that it's within int range

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=998fc04bcfeeaa2b0885ee84e37bcd345797981a
---

 libavcodec/apedec.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 4c2d238..260ef2e 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -802,7 +802,7 @@ static int ape_decode_frame(AVCodecContext * avctx,
     int buf_size = avpkt->size;
     APEContext *s = avctx->priv_data;
     int16_t *samples = data;
-    int nblocks;
+    uint32_t nblocks;
     int i, n;
     int blockstodecode;
     int bytes_used;
@@ -838,9 +838,10 @@ static int ape_decode_frame(AVCodecContext * avctx,
 
         s->currentframeblocks = nblocks;
         buf += 4;
-        if (s->samples <= 0) {
+        if (!nblocks || nblocks > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks);
             *data_size = 0;
-            return buf_size;
+            return AVERROR_INVALIDDATA;
         }
 
         memset(s->decoded0,  0, sizeof(s->decoded0));



More information about the ffmpeg-cvslog mailing list