[vlc-devel] [PATCH 1/1] twolame: avoid buffer overflow
Tristan Matthews
le.businessman at gmail.com
Sat Sep 27 21:10:48 CEST 2014
This should fix a crash reported on #videolan:
http://pastie.org/private/haevgzk8vqei5gohgov55a
---
modules/codec/twolame.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/modules/codec/twolame.c b/modules/codec/twolame.c
index 3257b76..ec5498a 100644
--- a/modules/codec/twolame.c
+++ b/modules/codec/twolame.c
@@ -251,12 +251,24 @@ static int OpenEncoder( vlc_object_t *p_this )
****************************************************************************/
static void Bufferize( encoder_t *p_enc, int16_t *p_in, int i_nb_samples )
{
- int16_t *p_buffer = p_enc->p_sys->p_buffer
- + (p_enc->p_sys->i_nb_samples
- * p_enc->fmt_in.audio.i_channels);
+ encoder_sys_t *p_sys = p_enc->p_sys;
+ int16_t *p_buffer = p_sys->p_buffer +
+ (p_sys->i_nb_samples * p_enc->fmt_in.audio.i_channels);
+ const int16_t *p_end = p_sys->p_buffer + ARRAY_SIZE(p_sys->p_buffer);
+ if (p_buffer >= p_end)
+ {
+ msg_Err( p_enc, "buffer full" );
+ return;
+ }
+
+ int i_copy = i_nb_samples * p_enc->fmt_in.audio.i_channels;
+ if( i_copy + p_buffer > p_end )
+ {
+ msg_Err( p_enc, "dropping samples" );
+ i_copy = p_end - p_buffer;
+ }
- memcpy( p_buffer, p_in, i_nb_samples * p_enc->fmt_in.audio.i_channels
- * sizeof(int16_t) );
+ memcpy( p_buffer, p_in, i_copy * sizeof(int16_t) );
}
static block_t *Encode( encoder_t *p_enc, block_t *p_aout_buf )
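Review bot: Both bounds checks in Bufferize compare pointers that may already lie past the end of the array (`p_buffer` before the `>= p_end` test, and `i_copy + p_buffer` in the second test). Forming such a pointer is undefined behaviour in C, so a compiler may drop the check, or the sum may wrap on a 32-bit target. Comparing element counts against `ARRAY_SIZE(p_sys->p_buffer)` avoids this, and multiplying in `size_t` also removes the possible signed overflow in `i_nb_samples * i_channels`; the sketch below assumes both counts are non-negative, which the hunk does not show. Dropped samples are not reported to the caller, so if Encode (outside this hunk) advances `p_sys->i_nb_samples` by the full count, its bookkeeping would no longer match the buffer; that is worth confirming. `ARRAY_SIZE` is only correct if `p_buffer` is a true array member, which is likely but not visible here.

```c
static void Bufferize( encoder_t *p_enc, int16_t *p_in, int i_nb_samples )
{
    encoder_sys_t *p_sys = p_enc->p_sys;
    const size_t i_cap  = ARRAY_SIZE(p_sys->p_buffer);
    const size_t i_used = (size_t)p_sys->i_nb_samples
                        * p_enc->fmt_in.audio.i_channels;
    if( i_used >= i_cap )
    {
        msg_Err( p_enc, "buffer full" );
        return;
    }

    size_t i_copy = (size_t)i_nb_samples * p_enc->fmt_in.audio.i_channels;
    if( i_copy > i_cap - i_used )
    {
        msg_Err( p_enc, "dropping samples" );
        i_copy = i_cap - i_used;
    }

    /* Pointer is formed only after the offset is known to be in range. */
    memcpy( p_sys->p_buffer + i_used, p_in, i_copy * sizeof(int16_t) );
}
```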
--
1.9.1