highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apedec: do not set s->samples until after validation.

Browse Source 
This prevents errors and/or invalid writes in the next decode call due to
s->samples still being negative.
This commit is contained in:
Justin Ruggles 2011-10-11 12:49:46 -04:00
parent 11ca8b2d74
commit b7e5145759
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/apedec.c
View File

@ -832,7 +832,7 @@ static int ape_decode_frame(AVCodecContext *avctx,
s->ptr = s->last_ptr = s->data; s->ptr = s->last_ptr = s->data;
s->data_end = s->data + buf_size; s->data_end = s->data + buf_size;
nblocks = s->samples = bytestream_get_be32(&s->ptr); nblocks = bytestream_get_be32(&s->ptr);
n = bytestream_get_be32(&s->ptr); n = bytestream_get_be32(&s->ptr);
if(n < 0 || n > 3){ if(n < 0 || n > 3){
av_log(avctx, AV_LOG_ERROR, "Incorrect offset passed\n"); av_log(avctx, AV_LOG_ERROR, "Incorrect offset passed\n");
@ -843,10 +843,11 @@ static int ape_decode_frame(AVCodecContext *avctx,
s->currentframeblocks = nblocks; s->currentframeblocks = nblocks;
buf += 4; buf += 4;
if (s->samples <= 0) { if (nblocks <= 0) {
*data_size = 0; *data_size = 0;
return buf_size; return buf_size;
} }
s->samples = nblocks;
memset(s->decoded0, 0, sizeof(s->decoded0)); memset(s->decoded0, 0, sizeof(s->decoded0));
memset(s->decoded1, 0, sizeof(s->decoded1)); memset(s->decoded1, 0, sizeof(s->decoded1));