mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
dpcm: Round output buffer size up.
Fixes: CVE-2011-3951 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
ddf0c1d86a
commit
92115bb685
@ -205,9 +205,12 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data,
|
||||
av_log(avctx, AV_LOG_ERROR, "packet is too small\n");
|
||||
return AVERROR(EINVAL);
|
||||
}
|
||||
if (out % s->channels) {
|
||||
av_log(avctx, AV_LOG_WARNING, "channels have differing number of samples\n");
|
||||
}
|
||||
|
||||
/* get output buffer */
|
||||
s->frame.nb_samples = out / s->channels;
|
||||
s->frame.nb_samples = (out + s->channels - 1) / s->channels;
|
||||
if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) {
|
||||
av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
|
||||
return ret;
|
||||
|
Loading…
Reference in New Issue
Block a user