twolame: avoid buffer overflow

author Tristan Matthews <tmatth@videolan.org>

Sat, 27 Sep 2014 19:07:51 +0000 (15:07 -0400)

committer Tristan Matthews <tmatth@videolan.org>

Tue, 30 Sep 2014 01:04:57 +0000 (21:04 -0400)
author Tristan Matthews <tmatth@videolan.org>
Sat, 27 Sep 2014 19:07:51 +0000 (15:07 -0400)
committer Tristan Matthews <tmatth@videolan.org>
Tue, 30 Sep 2014 01:04:57 +0000 (21:04 -0400)
diff --git a/modules/codec/twolame.c b/modules/codec/twolame.c

index 3257b76e5fde5ddf90e1a2cbda8a7b22144d8053..b44647e1da51e485a9a722c5ad2e7b15257986ad 100644 (file)
--- a/modules/codec/twolame.c
+++ b/modules/codec/twolame.c
@@ -251,12 +251,24 @@ static int OpenEncoder( vlc_object_t *p_this )
   ****************************************************************************/
  static void Bufferize( encoder_t *p_enc, int16_t *p_in, int i_nb_samples )
  {
-    int16_t *p_buffer = p_enc->p_sys->p_buffer
-                         + (p_enc->p_sys->i_nb_samples
-                             * p_enc->fmt_in.audio.i_channels);
+    encoder_sys_t *p_sys = p_enc->p_sys;
+    const unsigned i_offset = p_sys->i_nb_samples * p_enc->fmt_in.audio.i_channels;
+    const unsigned i_len = ARRAY_SIZE(p_sys->p_buffer);
+
+    if( i_offset >= i_len )
+    {
+        msg_Err( p_enc, "buffer full" );
+        return;
+    }
+
+    unsigned i_copy = i_nb_samples * p_enc->fmt_in.audio.i_channels;
+    if( i_copy + i_offset > i_len)
+    {
+        msg_Err( p_enc, "dropping samples" );
+        i_copy = i_len - i_offset;
+    }
  
-    memcpy( p_buffer, p_in, i_nb_samples * p_enc->fmt_in.audio.i_channels
-                             * sizeof(int16_t) );
+    memcpy( p_sys->p_buffer + i_offset, p_in, i_copy * sizeof(int16_t) );
  }
  
  static block_t *Encode( encoder_t *p_enc, block_t *p_aout_buf )
author	Tristan Matthews <tmatth@videolan.org>
	Sat, 27 Sep 2014 19:07:51 +0000 (15:07 -0400)
committer	Tristan Matthews <tmatth@videolan.org>
	Tue, 30 Sep 2014 01:04:57 +0000 (21:04 -0400)