shithub: opus

Download patch

ref: d74fa2785a7ca3d25767e90bbc09c11cfcf07349
parent: 132ed59464dccaae8f1e2f13f168763e99f85d17
author: Mark Harris <[email protected]>
date: Sat Nov 5 17:32:28 EDT 2016

Fix crash on bad encoder frame_size argument

--- a/src/opus_encoder.c
+++ b/src/opus_encoder.c
@@ -2171,7 +2171,11 @@
    ALLOC_STACK;
 
    frame_size = frame_size_select(analysis_frame_size, st->variable_duration, st->Fs);
-
+   if (frame_size <= 0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    ALLOC(in, frame_size*st->channels, opus_int16);
 
    for (i=0;i<frame_size*st->channels;i++)
@@ -2202,7 +2206,11 @@
    ALLOC_STACK;
 
    frame_size = frame_size_select(analysis_frame_size, st->variable_duration, st->Fs);
-
+   if (frame_size <= 0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    ALLOC(in, frame_size*st->channels, float);
 
    for (i=0;i<frame_size*st->channels;i++)
--- a/tests/test_opus_encode.c
+++ b/tests/test_opus_encode.c
@@ -384,6 +384,7 @@
 
    if(opus_encoder_ctl(enc, OPUS_SET_BANDWIDTH(OPUS_AUTO))!=OPUS_OK)test_failed();
    if(opus_encoder_ctl(enc, OPUS_SET_FORCE_MODE(-2))!=OPUS_BAD_ARG)test_failed();
+   if(opus_encode(enc, inbuf, 500, packet, MAX_PACKET)!=OPUS_BAD_ARG)test_failed();
 
    for(rc=0;rc<3;rc++)
    {