virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity

avcodec/mace: check buffer size

Browse Source 
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f9d2775e090_8782_surge-2-8-MAC3.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2014-01-02 19:10:57 +01:00
parent c925e960e8
commit 2e59ffbb79
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/mace.c
View File

@@ -244,6 +244,13 @@ static int mace_decode_frame(AVCodecContext *avctx, void *data,
int i, j, k, l, ret;
int is_mace3 = (avctx->codec_id == AV_CODEC_ID_MACE3);
if (buf_size % (avctx->channels << is_mace3)) {
av_log(avctx, AV_LOG_ERROR, "buffer size %d is odd\n", buf_size);
buf_size -= buf_size % (avctx->channels << is_mace3);
if (!buf_size)
return AVERROR_INVALIDDATA;
}
/* get output buffer */
frame->nb_samples = 3 * (buf_size << (1 - is_mace3)) / avctx->channels;
if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)