Mercurial > libavcodec.hg
comparison dca.c @ 4883:9055ed00a295 libavcodec
fix exploitable buffer overflow
| author | michael |
|---|---|
| date | Fri, 27 Apr 2007 12:41:55 +0000 |
| parents | 384c95879d8b |
| children | 2b3fbf807734 |
comparison
equal
deleted
inserted
replaced
| 4882:8131ccb4ea72 | 4883:9055ed00a295 |
|---|---|
| 1087 uint32_t mrk; | 1087 uint32_t mrk; |
| 1088 int i, tmp; | 1088 int i, tmp; |
| 1089 uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst; | 1089 uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst; |
| 1090 PutBitContext pb; | 1090 PutBitContext pb; |
| 1091 | 1091 |
| 1092 if((unsigned)src_size > (unsigned)max_size) | |
| 1093 return -1; | |
| 1094 | |
| 1092 mrk = AV_RB32(src); | 1095 mrk = AV_RB32(src); |
| 1093 switch (mrk) { | 1096 switch (mrk) { |
| 1094 case DCA_MARKER_RAW_BE: | 1097 case DCA_MARKER_RAW_BE: |
| 1095 memcpy(dst, src, FFMIN(src_size, max_size)); | 1098 memcpy(dst, src, FFMIN(src_size, max_size)); |
| 1096 return FFMIN(src_size, max_size); | 1099 return FFMIN(src_size, max_size); |