From ae14887ee7f2a2c02957845b84afd711cf702b9b Mon Sep 17 00:00:00 2001 From: Nicolas George Date: Thu, 31 Jan 2013 14:24:57 +0100 Subject: lavfi/af_amerge: check for buffer queue overflows. Without that test, ff_bufqueue_add silently discards the oldest buffer, that leaves in[i].nb_samples inconsistent, and causes later a segfault. --- libavfilter/af_amerge.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'libavfilter/af_amerge.c') diff --git a/libavfilter/af_amerge.c b/libavfilter/af_amerge.c index 44b71e4acb..e55268259e 100644 --- a/libavfilter/af_amerge.c +++ b/libavfilter/af_amerge.c @@ -231,6 +231,11 @@ static int filter_frame(AVFilterLink *inlink, AVFilterBufferRef *insamples) if (inlink == ctx->inputs[input_number]) break; av_assert1(input_number < am->nb_inputs); + if (ff_bufqueue_is_full(&am->in[input_number].queue)) { + av_log(ctx, AV_LOG_ERROR, "Buffer queue overflow\n"); + avfilter_unref_buffer(insamples); + return AVERROR(ENOMEM); + } ff_bufqueue_add(ctx, &am->in[input_number].queue, insamples); am->in[input_number].nb_samples += insamples->audio->nb_samples; nb_samples = am->in[0].nb_samples; -- cgit v1.2.3