ref: 2499f8d36000abf9c67727b98da93ecbd004cf29
parent: 2386ab2c67bb2a680a669322f80921fd362f1b90
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Tue Mar 5 20:26:51 EST 2024
opus: give up if segment sizes can't all fit into the buffer
--- a/opus.c
+++ b/opus.c
@@ -17,7 +17,7 @@
/* calculate the size of the packet */
nsegs = d[26];
- if(ctx->read(ctx, d, nsegs+8) != nsegs+8)
+ if(nsegs > ctx->bufsz-8 || ctx->read(ctx, d, nsegs+8) != nsegs+8)
return -1;
for(sz = i = 0; i < nsegs; sz += d[i++]);