Browse code
apedec: do not set s->samples until after validation.
This prevents errors and/or invalid writes in the next decode call due to
s->samples still being negative.
Justin Ruggles authored on 2011/10/12 01:49:46Showing 1 changed files
| ... | ... |
@@ -832,7 +832,7 @@ static int ape_decode_frame(AVCodecContext *avctx, |
| 832 | 832 |
s->ptr = s->last_ptr = s->data; |
| 833 | 833 |
s->data_end = s->data + buf_size; |
| 834 | 834 |
|
| 835 |
- nblocks = s->samples = bytestream_get_be32(&s->ptr); |
|
| 835 |
+ nblocks = bytestream_get_be32(&s->ptr); |
|
| 836 | 836 |
n = bytestream_get_be32(&s->ptr); |
| 837 | 837 |
if(n < 0 || n > 3){
|
| 838 | 838 |
av_log(avctx, AV_LOG_ERROR, "Incorrect offset passed\n"); |
| ... | ... |
@@ -843,10 +843,11 @@ static int ape_decode_frame(AVCodecContext *avctx, |
| 843 | 843 |
|
| 844 | 844 |
s->currentframeblocks = nblocks; |
| 845 | 845 |
buf += 4; |
| 846 |
- if (s->samples <= 0) {
|
|
| 846 |
+ if (nblocks <= 0) {
|
|
| 847 | 847 |
*data_size = 0; |
| 848 | 848 |
return buf_size; |
| 849 | 849 |
} |
| 850 |
+ s->samples = nblocks; |
|
| 850 | 851 |
|
| 851 | 852 |
memset(s->decoded0, 0, sizeof(s->decoded0)); |
| 852 | 853 |
memset(s->decoded1, 0, sizeof(s->decoded1)); |