Fix input buffer size check in adpcm_ea decoder.

Unfortunately the output buffer size check assumes that the input buffer is never over-consumed, thus this actually also allowed to write outside the output buffer if "lucky".
2011-04-08 01:19:21 +02:00 · 2011-04-08 01:19:21 +02:00 · 701d0eb185
commit 701d0eb185
parent afaedbd6f7
1 changed files with 1 additions and 1 deletions
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@ -1291,7 +1291,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
        }
        break;
    case CODEC_ID_ADPCM_EA:
-        if (buf_size < 4 || AV_RL32(src) >= ((buf_size - 12) * 2)) {
+        if (buf_size < 12 || AV_RL32(src) > (buf_size - 12)/30*28) {
            src += buf_size;
            break;
        }