[FFmpeg-cvslog] alac: Check channel indexes more completely, fix out of array accesses.
Michael Niedermayer
git at videolan.org
Sat Nov 10 19:46:43 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Nov 10 18:21:50 2012 +0100| [b53f89710b03c4c832bb03e4e132b1ace17fb4e4] | committer: Michael Niedermayer
alac: Check channel indexes more completely, fix out of array accesses.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b53f89710b03c4c832bb03e4e132b1ace17fb4e4
---
libavcodec/alac.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/alac.c b/libavcodec/alac.c
index 46c3a5b..93db034 100644
--- a/libavcodec/alac.c
+++ b/libavcodec/alac.c
@@ -495,7 +495,9 @@ static int alac_decode_frame(AVCodecContext *avctx, void *data,
}
channels = (element == TYPE_CPE) ? 2 : 1;
- if (ch + channels > alac->channels) {
+ if ( ch + channels > alac->channels
+ || alac_channel_layout_offsets[alac->channels - 1][ch] + channels > alac->channels
+ ) {
av_log(avctx, AV_LOG_ERROR, "invalid element channel count\n");
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list