shithub: opus


ref: 1827db6a601e02729475c4618500f49f8b0cbefa
parent: 01b035f8ba4f48e9e1ad9f9407f77ce9a7e4aa44
author: Mark Harris <mark.hsj@gmail.com>
date: Sat Jul 21 17:10:17 EDT 2018

Validate multistream/projection decoder frame_size

--- a/src/opus_multistream_decoder.c
+++ b/src/opus_multistream_decoder.c
@@ -201,6 +201,11 @@
    ALLOC_STACK;
 
    VALIDATE_MS_DECODER(st);
+   if (frame_size <= 0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    /* Limit frame_size to avoid excessive stack allocations. */
    MUST_SUCCEED(opus_multistream_decoder_ctl(st, OPUS_GET_SAMPLE_RATE(&Fs)));
    frame_size = IMIN(frame_size, Fs/25*3);
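Review bot: The new `frame_size <= 0` guard has no comment saying why it must sit ahead of the clamp, and the reason is not obvious from the line itself. `IMIN(frame_size, Fs/25*3)` two lines below bounds the value only from above, so a zero or negative frame_size would pass through it unchanged. I would add `/* Reject non-positive frame_size; the IMIN() clamp below only caps it from above. */` directly above the `if`. What the unchecked value would go on to size is outside this hunk (the existing comment suggests stack allocations), and the enclosing function also starts and ends outside the hunk.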
--- a/tests/test_opus_api.c
+++ b/tests/test_opus_api.c
@@ -653,6 +653,8 @@
    packet[1]=packet[2]=0;
    if(opus_multistream_decode(dec, packet, -1, sbuf, 960, 0)!=OPUS_BAD_ARG){printf("%d\n",opus_multistream_decode(dec, packet, -1, sbuf, 960, 0));test_failed();}
    cfgs++;
+   if(opus_multistream_decode(dec, packet, 3, sbuf, -960, 0)!=OPUS_BAD_ARG)test_failed();
+   cfgs++;
    if(opus_multistream_decode(dec, packet, 3, sbuf, 60, 0)!=OPUS_BUFFER_TOO_SMALL)test_failed();
    cfgs++;
    if(opus_multistream_decode(dec, packet, 3, sbuf, 480, 0)!=OPUS_BUFFER_TOO_SMALL)test_failed();
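Review bot: The added case passes only -960, so the zero boundary of the new `frame_size <= 0` check is not exercised, and a later change of that check to `< 0` would still pass this test. Add `if(opus_multistream_decode(dec, packet, 3, sbuf, 0, 0)!=OPUS_BAD_ARG)test_failed();` followed by `cfgs++;` next to it, assuming nothing earlier in the decode path returns a different error for a zero frame_size. The commit title also names the projection decoder, but no projection-decoder case appears in this hunk, so that path may be untested unless it is covered elsewhere. The enclosing test function starts and ends outside the hunk.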