From d74fa2785a7ca3d25767e90bbc09c11cfcf07349 Mon Sep 17 00:00:00 2001
From: Mark Harris <mark.hsj@gmail.com>
Date: Sat, 5 Nov 2016 21:32:28 -0700
Subject: [PATCH] Fix crash on bad encoder frame_size argument

---
 src/opus_encoder.c       | 12 ++++++++++--
 tests/test_opus_encode.c |  1 +
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/opus_encoder.c b/src/opus_encoder.c
index 4c84efeca..226a2de61 100644
--- a/src/opus_encoder.c
+++ b/src/opus_encoder.c
@@ -2171,7 +2171,11 @@ opus_int32 opus_encode_float(OpusEncoder *st, const float *pcm, int analysis_fra
    ALLOC_STACK;
 
    frame_size = frame_size_select(analysis_frame_size, st->variable_duration, st->Fs);
-
+   if (frame_size <= 0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    ALLOC(in, frame_size*st->channels, opus_int16);
 
    for (i=0;i<frame_size*st->channels;i++)
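Review bot: The new `frame_size <= 0` guard carries no comment explaining what it protects. `frame_size` is derived from the caller-supplied `analysis_frame_size` through `frame_size_select()`, and without the check a non-positive result would flow straight into `ALLOC(in, frame_size*st->channels, opus_int16)` and the conversion loop. I would put `/* frame_size_select() rejected analysis_frame_size; return before it sizes the stack buffer below */` above the `if`, so the ordering relative to `ALLOC` is not lost in a later refactor. The same comment belongs on the identical guard in the `opus_encode` hunk. Both functions begin and end outside their hunks, so whether any later validation exists cannot be confirmed from here.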
@@ -2202,7 +2206,11 @@ opus_int32 opus_encode(OpusEncoder *st, const opus_int16 *pcm, int analysis_fram
    ALLOC_STACK;
 
    frame_size = frame_size_select(analysis_frame_size, st->variable_duration, st->Fs);
-
+   if (frame_size <= 0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    ALLOC(in, frame_size*st->channels, float);
 
    for (i=0;i<frame_size*st->channels;i++)
diff --git a/tests/test_opus_encode.c b/tests/test_opus_encode.c
index ae54bb606..b8427138a 100644
--- a/tests/test_opus_encode.c
+++ b/tests/test_opus_encode.c
@@ -384,6 +384,7 @@ int run_test1(int no_fuzz)
 
    if(opus_encoder_ctl(enc, OPUS_SET_BANDWIDTH(OPUS_AUTO))!=OPUS_OK)test_failed();
    if(opus_encoder_ctl(enc, OPUS_SET_FORCE_MODE(-2))!=OPUS_BAD_ARG)test_failed();
+   if(opus_encode(enc, inbuf, 500, packet, MAX_PACKET)!=OPUS_BAD_ARG)test_failed();
 
    for(rc=0;rc<3;rc++)
    {
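Review bot: The added assertion only calls `opus_encode`, so the matching guard this commit adds to `opus_encode_float` has no regression test. Depending on build configuration, presumably only one of the two patched wrappers is compiled, so a given build may not reach the new check through `opus_encode` at all. I would add a sibling line, `if(opus_encode_float(enc, FLOAT_INBUF_PLACEHOLDER, 500, packet, MAX_PACKET)!=OPUS_BAD_ARG)test_failed();`, using whatever float input buffer the test has available. A short comment such as `/* 500 is not a supported frame size; must be rejected, not crash */` would explain the magic number. `run_test1` continues outside the hunk.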
-- 
GitLab