From 9f1473b304ae11ee09b7ae22016c951fdce31dd2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 27 Apr 2007 12:41:55 +0000
Subject: fix exploitable buffer overflow

Originally committed as revision 8850 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/dca.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libavcodec/dca.c')

diff --git a/libavcodec/dca.c b/libavcodec/dca.c
index a5470073f0..1c040e21ee 100644
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -1089,6 +1089,9 @@ static int dca_convert_bitstream(uint8_t * src, int src_size, uint8_t * dst,
     uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst;
     PutBitContext pb;
 
+    if((unsigned)src_size > (unsigned)max_size)
+        return -1;
+
     mrk = AV_RB32(src);
     switch (mrk) {
     case DCA_MARKER_RAW_BE:
-- 
cgit v1.2.3