[FFmpeg-cvslog] mpegaudiodec: Validate that the number of channels fits at the given offset
Martin Storsjö
git at videolan.org
Tue Oct 8 01:11:31 CEST 2013
ffmpeg | branch: release/1.1 | Martin Storsjö <martin at martin.st> | Thu Sep 19 15:32:02 2013 +0300| [bacf5db1962a6955ce80eea6bbc86c6970d7d360] | committer: Luca Barbato
mpegaudiodec: Validate that the number of channels fits at the given offset
This is similar to the fix in 35cbc98b.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit e9d61de96c113ee0ef8082833c7e682df0e23eec)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bacf5db1962a6955ce80eea6bbc86c6970d7d360
---
libavcodec/mpegaudiodec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index fda0280..bd096df 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -1936,7 +1936,8 @@ static int decode_frame_mp3on4(AVCodecContext *avctx, void *data,
avpriv_mpegaudio_decode_header((MPADecodeHeader *)m, header);
- if (ch + m->nb_channels > avctx->channels) {
+ if (ch + m->nb_channels > avctx->channels ||
+ s->coff[fr] + m->nb_channels > avctx->channels) {
av_log(avctx, AV_LOG_ERROR, "frame channel count exceeds codec "
"channel count\n");
return AVERROR_INVALIDDATA;
More information about the ffmpeg-cvslog
mailing list