From c426562cbfbe24f3b37ba98b80c128dbcc1b7cc8 Mon Sep 17 00:00:00 2001 From: Pascal Massimino Date: Sun, 11 Jul 2010 06:59:21 +0000 Subject: add some buffer checks Originally committed as revision 24184 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/libvorbis.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'libavcodec/libvorbis.c') diff --git a/libavcodec/libvorbis.c b/libavcodec/libvorbis.c index 892455a374..d0463adeef 100644 --- a/libavcodec/libvorbis.c +++ b/libavcodec/libvorbis.c @@ -172,6 +172,10 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext, * not, apparently the end of stream decision is in libogg. */ if(op.bytes==1 && op.e_o_s) continue; + if (context->buffer_index + sizeof(ogg_packet) + op.bytes > BUFFER_SIZE) { + av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow."); + return -1; + } memcpy(context->buffer + context->buffer_index, &op, sizeof(ogg_packet)); context->buffer_index += sizeof(ogg_packet); memcpy(context->buffer + context->buffer_index, op.packet, op.bytes); @@ -189,6 +193,11 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext, avccontext->coded_frame->pts= av_rescale_q(op2->granulepos, (AVRational){1, avccontext->sample_rate}, avccontext->time_base); //FIXME we should reorder the user supplied pts and not assume that they are spaced by 1/sample_rate + if (l > buf_size) { + av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow."); + return -1; + } + memcpy(packets, op2->packet, l); context->buffer_index -= l + sizeof(ogg_packet); memmove(context->buffer, context->buffer + l + sizeof(ogg_packet), context->buffer_index); -- cgit v1.2.3