flac: fix realloc loop with invalid flac files

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
author: Thomas Guillem <thomas@gllm.fr> 2015-04-16 19:33:31 +0300
committer: Luca Barbato <lu_zero@gentoo.org> 2015-04-20 13:41:33 +0300
commit: b18346817d57c96cc47811cf78b26653e96bd304 (patch)
tree: 33967da18a2b069ea95d63b272c2ca1f3411945e /libavcodec/flac_parser.c
parent: 2cc3936599b6fc63143036659653d1be0624360f (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c
index bf2c11821b..70b9a651e9 100644
--- a/libavcodec/flac_parser.c
+++ b/libavcodec/flac_parser.c
@@ -565,6 +565,15 @@ static int flac_parse(AVCodecParserContext *s, AVCodecContext *avctx,
                                               nb_desired * FLAC_AVG_FRAME_SIZE);
         }
 
+        if (!av_fifo_space(fpc->fifo_buf) &&
+            av_fifo_size(fpc->fifo_buf) / FLAC_AVG_FRAME_SIZE >
+            fpc->nb_headers_buffered * 10) {
+            /* There is less than one valid flac header buffered for 10 headers
+             * buffered. Therefore the fifo is most likely filled with invalid
+             * data and the input is not a flac file. */
+            goto handle_error;
+        }
+
         /* Fill the buffer. */
         if (av_fifo_realloc2(fpc->fifo_buf,
                              (read_end - read_start) + av_fifo_size(fpc->fifo_buf)) < 0) {
author	Thomas Guillem <thomas@gllm.fr>	2015-04-16 19:33:31 +0300
committer	Luca Barbato <lu_zero@gentoo.org>	2015-04-20 13:41:33 +0300
commit	b18346817d57c96cc47811cf78b26653e96bd304 (patch)
tree	33967da18a2b069ea95d63b272c2ca1f3411945e /libavcodec/flac_parser.c
parent	2cc3936599b6fc63143036659653d1be0624360f (diff)