[FFmpeg-cvslog] vorbis: make sure ch is non zero before calling vorbis_residue_decode

Michael Niedermayer git at videolan.org
Thu Jan 5 01:13:03 CET 2012


ffmpeg | branch: release/0.9 | Michael Niedermayer <michaelni at gmx.at> | Wed Jan  4 21:55:52 2012 +0100| [58afa73338489c0a89ee427ab02e592513fb1c59] | committer: Michael Niedermayer

vorbis: make sure ch is non zero before calling vorbis_residue_decode

This possibly makes part of the CVE-2011-3895 fix unneeded.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit ff7f198d7f9504f71676327be0be47661cfe39d6)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58afa73338489c0a89ee427ab02e592513fb1c59
---

 libavcodec/vorbisdec.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index c99401b..4bd1cf2 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -1575,9 +1575,11 @@ static int vorbis_parse_audio_packet(vorbis_context *vc)
             av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_floor_decode.\n");
             return -1;
         }
-        ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left);
-        if (ret < 0)
-            return ret;
+        if (ch) {
+            ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left);
+            if (ret < 0)
+                return ret;
+        }
 
         ch_res_ptr += ch * vlen;
         ch_left -= ch;



More information about the ffmpeg-cvslog mailing list