[FFmpeg-cvslog] wavpack: check the blocks sample count, fix out of array accesses

Tue Nov 13 01:41:21 CET 2012

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Nov 13 01:12:26 2012 +0100| [d8a1eb11b72071ba88946191f8bc9701167d39a6] | committer: Michael Niedermayer

wavpack: check the blocks sample count, fix out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d8a1eb11b72071ba88946191f8bc9701167d39a6
---

 libavcodec/wavpack.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index b36fa0a..bc038a9 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -806,6 +806,10 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
             *got_frame_ptr = 0;
             return 0;
         }
+        if (s->samples > wc->samples) {
+            av_log(avctx, AV_LOG_ERROR, "too many samples in block");
+            return -1;
+        }
     } else {
         s->samples = wc->samples;
     }

