[FFmpeg-cvslog] mpegaudiodec: Validate that the number of channels fits at the given offset
Martin Storsjö
git at videolan.org
Thu Jan 16 22:08:50 CET 2014
ffmpeg | branch: release/0.10 | Martin Storsjö <martin at martin.st> | Thu Sep 19 15:32:02 2013 +0300| [ff8837e9c60a99172565c47d7fcf432418c0dac8] | committer: Luca Barbato
mpegaudiodec: Validate that the number of channels fits at the given offset
This is similar to the fix in 35cbc98b.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit e9d61de96c113ee0ef8082833c7e682df0e23eec)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
(cherry picked from commit bacf5db1962a6955ce80eea6bbc86c6970d7d360)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff8837e9c60a99172565c47d7fcf432418c0dac8
---
libavcodec/mpegaudiodec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index adb25ff..e2216f3 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -1943,7 +1943,8 @@ static int decode_frame_mp3on4(AVCodecContext *avctx, void *data,
avpriv_mpegaudio_decode_header((MPADecodeHeader *)m, header);
- if (ch + m->nb_channels > avctx->channels) {
+ if (ch + m->nb_channels > avctx->channels ||
+ s->coff[fr] + m->nb_channels > avctx->channels) {
av_log(avctx, AV_LOG_ERROR, "frame channel count exceeds codec "
"channel count\n");
return AVERROR_INVALIDDATA;
More information about the ffmpeg-cvslog
mailing list