]> git.sesse.net Git - ffmpeg/blobdiff - libavcodec/g722dec.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fraps: check overread per sample instead of per line
[ffmpeg] / libavcodec / g722dec.c
diff --git a/libavcodec/g722dec.c b/libavcodec/g722dec.c
index d2d2a48c3444edb435d3e1520912005f8a15307b..2be47159a4f57867891d665c6d1639471c6e5960 100644 (file)
--- a/libavcodec/g722dec.c
+++ b/libavcodec/g722dec.c
@@ -85,11 +85,17 @@ static int g722_decode_frame(AVCodecContext *avctx, void *data,
 {
     G722Context *c = avctx->priv_data;
     int16_t *out_buf = data;
-    int j, out_len = 0;
+    int j, out_len;
     const int skip = 8 - avctx->bits_per_coded_sample;
     const int16_t *quantizer_table = low_inv_quants[skip];
     GetBitContext gb;
 
+    out_len = avpkt->size * 2 * av_get_bytes_per_sample(avctx->sample_fmt);
+    if (*data_size < out_len) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     init_get_bits(&gb, avpkt->data, avpkt->size * 8);
 
     for (j = 0; j < avpkt->size; j++) {
@@ -105,26 +111,24 @@ static int g722_decode_frame(AVCodecContext *avctx, void *data,
 
         ff_g722_update_low_predictor(&c->band[0], ilow >> (2 - skip));
 
-            dhigh = c->band[1].scale_factor *
-                    ff_g722_high_inv_quant[ihigh] >> 10;
-            rhigh = av_clip(dhigh + c->band[1].s_predictor, -16384, 16383);
-
-            ff_g722_update_high_predictor(&c->band[1], dhigh, ihigh);
-
-            c->prev_samples[c->prev_samples_pos++] = rlow + rhigh;
-            c->prev_samples[c->prev_samples_pos++] = rlow - rhigh;
-            ff_g722_apply_qmf(c->prev_samples + c->prev_samples_pos - 24,
-                              &xout1, &xout2);
-            out_buf[out_len++] = av_clip_int16(xout1 >> 12);
-            out_buf[out_len++] = av_clip_int16(xout2 >> 12);
-            if (c->prev_samples_pos >= PREV_SAMPLES_BUF_SIZE) {
-                memmove(c->prev_samples,
-                        c->prev_samples + c->prev_samples_pos - 22,
-                        22 * sizeof(c->prev_samples[0]));
-                c->prev_samples_pos = 22;
-            }
+        dhigh = c->band[1].scale_factor * ff_g722_high_inv_quant[ihigh] >> 10;
+        rhigh = av_clip(dhigh + c->band[1].s_predictor, -16384, 16383);
+
+        ff_g722_update_high_predictor(&c->band[1], dhigh, ihigh);
+
+        c->prev_samples[c->prev_samples_pos++] = rlow + rhigh;
+        c->prev_samples[c->prev_samples_pos++] = rlow - rhigh;
+        ff_g722_apply_qmf(c->prev_samples + c->prev_samples_pos - 24,
+                          &xout1, &xout2);
+        *out_buf++ = av_clip_int16(xout1 >> 12);
+        *out_buf++ = av_clip_int16(xout2 >> 12);
+        if (c->prev_samples_pos >= PREV_SAMPLES_BUF_SIZE) {
+            memmove(c->prev_samples, c->prev_samples + c->prev_samples_pos - 22,
+                    22 * sizeof(c->prev_samples[0]));
+            c->prev_samples_pos = 22;
+        }
     }
-    *data_size = out_len << 1;
+    *data_size = out_len;
     return avpkt->size;
 }
 
Unnamed repository; edit this file 'description' to name the repository.