virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Code Issues Releases Activity

alac: fix integer overflow leading to subsequent out of array accesses.

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-11-10 17:41:56 +01:00
parent fd4f4923cc
commit 3920d13878
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/alac.c
View File

@ -542,7 +542,11 @@ static av_cold int alac_decode_close(AVCodecContext *avctx)
static int allocate_buffers(ALACContext *alac) static int allocate_buffers(ALACContext *alac)
{ {
int ch; int ch;
int buf_size = alac->max_samples_per_frame * sizeof(int32_t); int buf_size;
if (alac->max_samples_per_frame > INT_MAX / sizeof(int32_t))
goto buf_alloc_fail;
buf_size = alac->max_samples_per_frame * sizeof(int32_t);
for (ch = 0; ch < FFMIN(alac->channels, 2); ch++) { for (ch = 0; ch < FFMIN(alac->channels, 2); ch++) {
FF_ALLOC_OR_GOTO(alac->avctx, alac->predict_error_buffer[ch], FF_ALLOC_OR_GOTO(alac->avctx, alac->predict_error_buffer[ch],