diff options
Diffstat (limited to 'libavcodec/flac.c')
| -rw-r--r-- | libavcodec/flac.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/libavcodec/flac.c b/libavcodec/flac.c index 6c64ad0a1b..e704d990e3 100644 --- a/libavcodec/flac.c +++ b/libavcodec/flac.c @@ -454,7 +454,7 @@ static inline int decode_subframe(FLACContext *s, int channel) return 0; } -static int decode_frame(FLACContext *s) +static int decode_frame(FLACContext *s, int alloc_data_size) { int blocksize_code, sample_rate_code, sample_size_code, assignment, i, crc8; int decorrelation, bps, blocksize, samplerate; @@ -516,6 +516,9 @@ static int decode_frame(FLACContext *s) return -1; } + if(blocksize * s->channels * sizeof(int16_t) > alloc_data_size) + return -1; + if (sample_rate_code == 0){ samplerate= s->samplerate; }else if ((sample_rate_code > 3) && (sample_rate_code < 12)) @@ -579,6 +582,9 @@ static int flac_decode_frame(AVCodecContext *avctx, FLACContext *s = avctx->priv_data; int tmp = 0, i, j = 0, input_buf_size = 0; int16_t *samples = data; + int alloc_data_size= *data_size; + + *data_size=0; if(s->max_framesize == 0){ s->max_framesize= 65536; // should hopefully be enough for the first header @@ -617,7 +623,7 @@ static int flac_decode_frame(AVCodecContext *avctx, goto end; // we may not have enough bits left to decode a frame, so try next time } skip_bits(&s->gb, 16); - if (decode_frame(s) < 0){ + if (decode_frame(s, alloc_data_size) < 0){ av_log(s->avctx, AV_LOG_ERROR, "decode_frame() failed\n"); s->bitstream_size=0; s->bitstream_index=0; |