From c8f25cafd2f23662bcb1e62965c0c42d6989688a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 26 Jan 2013 04:27:23 +0100
Subject: atrac3: fix buffer size for get_bits.

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/atrac3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavcodec/atrac3.c')

diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c
index 84c5c11fca..1e54784a8d 100644
--- a/libavcodec/atrac3.c
+++ b/libavcodec/atrac3.c
@@ -740,7 +740,7 @@ static int decode_frame(AVCodecContext *avctx, const uint8_t *databuf,
 
 
         /* set the bitstream reader at the start of the second Sound Unit*/
-        init_get_bits(&q->gb, ptr1, avctx->block_align * 8);
+        init_get_bits8(&q->gb, ptr1, q->decoded_bytes_buffer + avctx->block_align - ptr1);
 
         /* Fill the Weighting coeffs delay buffer */
         memmove(q->weighting_delay, &q->weighting_delay[2],
-- 
cgit v1.2.3