ref: d74fa2785a7ca3d25767e90bbc09c11cfcf07349
parent: 132ed59464dccaae8f1e2f13f168763e99f85d17
author: Mark Harris <[email protected]>
date: Sat Nov 5 17:32:28 EDT 2016
Fix crash on bad encoder frame_size argument
--- a/src/opus_encoder.c
+++ b/src/opus_encoder.c
@@ -2171,7 +2171,11 @@
ALLOC_STACK;
frame_size = frame_size_select(analysis_frame_size, st->variable_duration, st->Fs);
-
+ if (frame_size <= 0)
+ {
+ RESTORE_STACK;
+ return OPUS_BAD_ARG;
+ }
ALLOC(in, frame_size*st->channels, opus_int16);
for (i=0;i<frame_size*st->channels;i++)
@@ -2202,7 +2206,11 @@
ALLOC_STACK;
frame_size = frame_size_select(analysis_frame_size, st->variable_duration, st->Fs);
-
+ if (frame_size <= 0)
+ {
+ RESTORE_STACK;
+ return OPUS_BAD_ARG;
+ }
ALLOC(in, frame_size*st->channels, float);
for (i=0;i<frame_size*st->channels;i++)
--- a/tests/test_opus_encode.c
+++ b/tests/test_opus_encode.c
@@ -384,6 +384,7 @@
if(opus_encoder_ctl(enc, OPUS_SET_BANDWIDTH(OPUS_AUTO))!=OPUS_OK)test_failed();
if(opus_encoder_ctl(enc, OPUS_SET_FORCE_MODE(-2))!=OPUS_BAD_ARG)test_failed();
+ if(opus_encode(enc, inbuf, 500, packet, MAX_PACKET)!=OPUS_BAD_ARG)test_failed();
for(rc=0;rc<3;rc++)
{