On Wed, Oct 26, 2011 at 04:18:27PM -0400, Justin Ruggles wrote:
> ---
> libavcodec/apedec.c | 8 ++++----
> 1 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
> index 06ffbbd..81f412e 100644
> --- a/libavcodec/apedec.c
> +++ b/libavcodec/apedec.c
> @@ -812,7 +812,7 @@ static int ape_decode_frame(AVCodecContext *avctx,
> int buf_size = avpkt->size;
> APEContext *s = avctx->priv_data;
> int16_t *samples = data;
> - int nblocks;
> + uint32_t nblocks;
> int i, n;
> int blockstodecode;
> int bytes_used;
> @@ -843,9 +843,9 @@ static int ape_decode_frame(AVCodecContext *avctx,
>
> s->currentframeblocks = nblocks;
> buf += 4;
> - if (nblocks <= 0) {
> - *data_size = 0;
> - return buf_size;
> + if (!nblocks || nblocks > INT_MAX) {
> + av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n",
> nblocks);
> + return AVERROR_INVALIDDATA;
> }
> s->samples = nblocks;
>
> --
OK
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
