[FFmpeg-cvslog] alac: Check that the channels fit at the given offset
Martin Storsjö
git at videolan.org
Sat Sep 7 14:36:17 CEST 2013
ffmpeg | branch: release/1.1 | Martin Storsjö <martin at martin.st> | Tue Sep 3 14:16:40 2013 +0300| [790606cfe97ea897e72cd7d393ee653d2a56e8bd] | committer: Luca Barbato
alac: Check that the channels fit at the given offset
The code tries to decode a number of channels at the
offset given by the ff_alac_channel_layout_offsets table.
Even if the number of channels decoded so far doesn't
exceed the total number of channels, we need to check that
we actually can decode that number of channels at this offset
as well.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 35cbc98b720db95b923cb2d745f77bb2ee4363dc)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=790606cfe97ea897e72cd7d393ee653d2a56e8bd
---
libavcodec/alac.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/alac.c b/libavcodec/alac.c
index b69efc3..72e9353 100644
--- a/libavcodec/alac.c
+++ b/libavcodec/alac.c
@@ -418,7 +418,8 @@ static int alac_decode_frame(AVCodecContext *avctx, void *data,
}
channels = (element == TYPE_CPE) ? 2 : 1;
- if (ch + channels > alac->channels) {
+ if (ch + channels > alac->channels ||
+ ff_alac_channel_layout_offsets[alac->channels - 1][ch] + channels > alac->channels) {
av_log(avctx, AV_LOG_ERROR, "invalid element channel count\n");
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list