[FFmpeg-cvslog] aac: check the maximum number of channels
Reinhard Tartler
git at videolan.org
Sun Sep 22 17:46:02 CEST 2013
ffmpeg | branch: release/0.8 | Reinhard Tartler <siretart at tauware.de> | Tue May 7 07:13:50 2013 +0200| [ade4f3e74635d1fa4b3c34c3a1724b43d92b08b5] | committer: Reinhard Tartler
aac: check the maximum number of channels
Broken bitstreams could report a larger than specified number of
channels and cause outbound writes.
CC:libav-stable at libav.org
(cherry picked from commit a943a132f36f4df8fe2f749744677b71984abce7)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
Conflicts:
libavcodec/aacdec.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ade4f3e74635d1fa4b3c34c3a1724b43d92b08b5
---
libavcodec/aacdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index d479c94..b9c8c07 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -183,6 +183,8 @@ static av_cold int che_configure(AACContext *ac,
enum ChannelPosition che_pos[4][MAX_ELEM_ID],
int type, int id, int *channels)
{
+ if (*channels >= MAX_CHANNELS)
+ return AVERROR_INVALIDDATA;
if (che_pos[type][id]) {
if (!ac->che[type][id] && !(ac->che[type][id] = av_mallocz(sizeof(ChannelElement))))
return AVERROR(ENOMEM);
More information about the ffmpeg-cvslog
mailing list