avcodec/ffwavesynth: Fix integer overflows in pink noise addition

[ffmpeg] / libavcodec / smc.c

diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index 79f9a757a0502e63768b287273eb2af7f5605720..2beb1ce29155fa7cd9cf6b3a5c97cdc2bd648d18 100644 (file)
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -438,10 +438,14 @@ static int smc_decode_frame(AVCodecContext *avctx,
     int pal_size;
     const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, &pal_size);
     int ret;
+    int total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) / 4);
+
+    if (total_blocks / 1024 > avpkt->size)
+        return AVERROR_INVALIDDATA;
 
     bytestream2_init(&s->gb, buf, buf_size);
 
-    if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
+    if ((ret = ff_reget_buffer(avctx, s->frame, 0)) < 0)
         return ret;
 
     if (pal && pal_size == AVPALETTE_SIZE) {