[SCM] libav/experimental: add some buffer checks
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 30 17:11:02 UTC 2013
The following commit has been merged in the experimental branch:
commit c426562cbfbe24f3b37ba98b80c128dbcc1b7cc8
Author: Pascal Massimino <pascal.massimino at gmail.com>
Date: Sun Jul 11 06:59:21 2010 +0000
add some buffer checks
Originally committed as revision 24184 to svn://svn.ffmpeg.org/ffmpeg/trunk
diff --git a/libavcodec/libvorbis.c b/libavcodec/libvorbis.c
index 892455a..d0463ad 100644
--- a/libavcodec/libvorbis.c
+++ b/libavcodec/libvorbis.c
@@ -172,6 +172,10 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext,
* not, apparently the end of stream decision is in libogg. */
if(op.bytes==1 && op.e_o_s)
continue;
+ if (context->buffer_index + sizeof(ogg_packet) + op.bytes > BUFFER_SIZE) {
+ av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow.");
+ return -1;
+ }
memcpy(context->buffer + context->buffer_index, &op, sizeof(ogg_packet));
context->buffer_index += sizeof(ogg_packet);
memcpy(context->buffer + context->buffer_index, op.packet, op.bytes);
@@ -189,6 +193,11 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext,
avccontext->coded_frame->pts= av_rescale_q(op2->granulepos, (AVRational){1, avccontext->sample_rate}, avccontext->time_base);
//FIXME we should reorder the user supplied pts and not assume that they are spaced by 1/sample_rate
+ if (l > buf_size) {
+ av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow.");
+ return -1;
+ }
+
memcpy(packets, op2->packet, l);
context->buffer_index -= l + sizeof(ogg_packet);
memmove(context->buffer, context->buffer + l + sizeof(ogg_packet), context->buffer_index);
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list