diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2007-04-27 12:41:55 +0000 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2007-04-27 12:41:55 +0000 |
| commit | 9f1473b304ae11ee09b7ae22016c951fdce31dd2 (patch) | |
| tree | 24fe400394ede4fdb693a7fadeb839fb1b4869f8 /libavcodec/dca.c | |
| parent | e69364b700a6c0cb411ddc7737bc8e9e701d0cb8 (diff) | |
fix exploitable buffer overflow
Originally committed as revision 8850 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavcodec/dca.c')
| -rw-r--r-- | libavcodec/dca.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/dca.c b/libavcodec/dca.c index a5470073f0..1c040e21ee 100644 --- a/libavcodec/dca.c +++ b/libavcodec/dca.c @@ -1089,6 +1089,9 @@ static int dca_convert_bitstream(uint8_t * src, int src_size, uint8_t * dst, uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst; PutBitContext pb; + if((unsigned)src_size > (unsigned)max_size) + return -1; + mrk = AV_RB32(src); switch (mrk) { case DCA_MARKER_RAW_BE: |