[FFmpeg-cvslog] vorbis: make sure ch is non zero before calling vorbis_residue_decode

Wed Jan 4 22:14:32 CET 2012

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Jan  4 21:55:52 2012 +0100| [ff7f198d7f9504f71676327be0be47661cfe39d6] | committer: Michael Niedermayer

vorbis: make sure ch is non zero before calling vorbis_residue_decode

This possibly makes part of the CVE-2011-3895 fix unneeded.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff7f198d7f9504f71676327be0be47661cfe39d6
---

 libavcodec/vorbisdec.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index cc737e9..1bd7a0b 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -1575,9 +1575,11 @@ static int vorbis_parse_audio_packet(vorbis_context *vc)
             av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_floor_decode.\n");
             return -1;
         }
-        ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left);
-        if (ret < 0)
-            return ret;
+        if (ch) {
+            ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left);
+            if (ret < 0)
+                return ret;
+        }
 
         ch_res_ptr += ch * vlen;
         ch_left -= ch;

