From 9f1473b304ae11ee09b7ae22016c951fdce31dd2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 27 Apr 2007 12:41:55 +0000
Subject: [PATCH] fix exploitable buffer overflow

Originally committed as revision 8850 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/dca.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/dca.c b/libavcodec/dca.c
index a5470073f0..1c040e21ee 100644
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -1089,6 +1089,9 @@ static int dca_convert_bitstream(uint8_t * src, int src_size, uint8_t * dst,
 uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst;
 PutBitContext pb;
 
+ if((unsigned)src_size > (unsigned)max_size)
+ return -1;
+
 mrk = AV_RB32(src);
 switch (mrk) {
 case DCA_MARKER_RAW_BE:
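Review bot: The added guard caps `src_size` at `max_size`, but `mrk = AV_RB32(src);` directly below it still reads four bytes from `src` however small `src_size` is. Unless every caller already guarantees at least four bytes of input, which this hunk does not show, the guard should also enforce a lower bound, for example `if((unsigned)src_size > (unsigned)max_size || src_size < 4)` followed by the existing `return -1;`. The unsigned casts are what make a negative `src_size` fail the comparison, which is easy to miss, so a one-line comment such as `/* unsigned compare also rejects negative src_size; max_size is the capacity of dst */` would help. The body of `dca_convert_bitstream` continues past the hunk, so whether the per-marker cases stay within `max_size` could not be checked from here.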