From e19b53f81495704b9286b08529017815a5d6becc Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Wed, 12 Nov 2008 08:16:54 +0100
Subject: aac: check the buffer length in the ADIF parser

Check whether enough data has been read yet.
---
 src/decoder/aac_plugin.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/decoder')

diff --git a/src/decoder/aac_plugin.c b/src/decoder/aac_plugin.c
index 477efb773..63003e7c2 100644
--- a/src/decoder/aac_plugin.c
+++ b/src/decoder/aac_plugin.c
@@ -220,6 +220,12 @@ static void aac_parse_header(AacBuffer * b, float *length)
 		unsigned bitRate;
 		size_t skipSize = (b->buffer[4] & 0x80) ? 9 : 0;
 
+
+		if (8 + skipSize > b->bytesIntoBuffer)
+			/* not enough data yet; skip parsing this
+			   header */
+			return;
+
 		bitRate =
 		    ((unsigned int)(b->
 				    buffer[4 +
-- 
cgit v1.2.3