Displaying 1 result from an estimated 1 matches for "opus_decoder_old".
2012 Nov 13
1
Integer overflow in opus_packet_parse_impl
...result;
int error;
in_buf[0] = 0xff;
in_buf[1] = 0x41;
memset(in_buf + 2, 0xff, 16909315);
in_buf[16909317] = 0x0b;
decoder = opus_decoder_create(48000, 2, &error);
result = opus_decode(decoder, in_buf, 16909318, out_buf, 5760, 0);
}
Here is the patch I'm suggesting:
--- opus_decoder_old.c 2012-11-12 23:35:03.289595241 -0800
+++ opus_decoder.c 2012-11-12 23:36:44.550437586 -0800
@@ -34,6 +34,7 @@
#endif
#include <stdarg.h>
+#include <limits.h>
#include "celt.h"
#include "opus.h"
#include "entdec.h"
@@ -619,6 +620,8 @@...