Do not try to decode more data than output buffer may hold

Originally committed as revision 10560 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/adx.c b/libavcodec/adx.c
index 593c19d..2b44b89 100644 (file)
--- a/libavcodec/adx.c
+++ b/libavcodec/adx.c
@@ -328,6 +328,11 @@ static int adx_decode_frame(AVCodecContext *avctx,
         rest -= hdrsize;
     }
 
+    /* 18 bytes of data are expanded into 32*2 bytes of audio,
+       so guard against buffer overflows */
+    if(rest/18 > *data_size/64)
+        rest = (*data_size/64) * 18;
+
     if (c->in_temp) {
         int copysize = 18*avctx->channels - c->in_temp;
         memcpy(c->dec_temp+c->in_temp,buf,copysize);