[FFmpeg-cvslog] r22658 - in branches/0.5: . libavcodec/vorbis_dec.c
siretart
subversion
Wed Mar 24 20:35:31 CET 2010
Author: siretart
Date: Wed Mar 24 20:35:30 2010
New Revision: 22658
Log:
Check validity of channels & samplerate.
This may be security relevant.
Based on 2 patches by chrome.
backport r19975 by michael
Modified:
branches/0.5/ (props changed)
branches/0.5/libavcodec/vorbis_dec.c
Modified: branches/0.5/libavcodec/vorbis_dec.c
==============================================================================
--- branches/0.5/libavcodec/vorbis_dec.c Wed Mar 24 19:52:27 2010 (r22657)
+++ branches/0.5/libavcodec/vorbis_dec.c Wed Mar 24 20:35:30 2010 (r22658)
@@ -902,8 +902,16 @@ static int vorbis_parse_id_hdr(vorbis_co
}
vc->version=get_bits_long(gb, 32); //FIXME check 0
- vc->audio_channels=get_bits(gb, 8); //FIXME check >0
- vc->audio_samplerate=get_bits_long(gb, 32); //FIXME check >0
+ vc->audio_channels=get_bits(gb, 8);
+ if(vc->audio_channels <= 0){
+ av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n");
+ return -1;
+ }
+ vc->audio_samplerate=get_bits_long(gb, 32);
+ if(vc->audio_samplerate <= 0){
+ av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n");
+ return -1;
+ }
vc->bitrate_maximum=get_bits_long(gb, 32);
vc->bitrate_nominal=get_bits_long(gb, 32);
vc->bitrate_minimum=get_bits_long(gb, 32);
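Review bot: The `<= 0` test on `vc->audio_samplerate` rejects large values only if the field is signed; its declaration is outside this hunk, and if it is an unsigned type, a header value of 0x80000000 or above passes the check and may become negative wherever it is later stored in a signed `int`. An explicit range check such as `if(vc->audio_samplerate == 0 || vc->audio_samplerate > INT_MAX){` rejects those values whatever the field's signedness. For `audio_channels`, `get_bits(gb, 8)` can only yield 0–255, so the test is effectively `== 0` and sets no upper bound; whether later code sizes buffers from the channel count cannot be seen from here. The `//FIXME check 0` on `vc->version` directly above is left unaddressed, and vorbis_parse_id_hdr starts and continues outside the hunk.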