[FFmpeg-cvslog] apedec: use unsigned int for 'nblocks' and make sure that it' s within int range
Justin Ruggles
git at videolan.org
Fri Nov 4 13:22:24 CET 2011
ffmpeg | branch: release/0.8 | Justin Ruggles <justin.ruggles at gmail.com> | Tue Oct 11 13:17:44 2011 -0400| [998fc04bcfeeaa2b0885ee84e37bcd345797981a] | committer: Michael Niedermayer
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=998fc04bcfeeaa2b0885ee84e37bcd345797981a
---
libavcodec/apedec.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 4c2d238..260ef2e 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -802,7 +802,7 @@ static int ape_decode_frame(AVCodecContext * avctx,
int buf_size = avpkt->size;
APEContext *s = avctx->priv_data;
int16_t *samples = data;
- int nblocks;
+ uint32_t nblocks;
int i, n;
int blockstodecode;
int bytes_used;
@@ -838,9 +838,10 @@ static int ape_decode_frame(AVCodecContext * avctx,
s->currentframeblocks = nblocks;
buf += 4;
- if (s->samples <= 0) {
+ if (!nblocks || nblocks > INT_MAX) {
+ av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks);
*data_size = 0;
- return buf_size;
+ return AVERROR_INVALIDDATA;
}
memset(s->decoded0, 0, sizeof(s->decoded0));
More information about the ffmpeg-cvslog
mailing list