[FFmpeg-cvslog] libopusdec: fix out-of-bounds read

[Andreas Cadhalpun]

ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Nov 24 01:06:35 2016 +0100| [fc85646ad495f3418042468da415af73a7a07334] | committer: Vittorio Giovara

libopusdec: fix out-of-bounds read

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc85646ad495f3418042468da415af73a7a07334
---

 libavcodec/libopusdec.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/libopusdec.c b/libavcodec/libopusdec.c
index 75eaf9bd48..781635615c 100644
--- a/libavcodec/libopusdec.c
+++ b/libavcodec/libopusdec.c
@@ -48,6 +48,13 @@ static av_cold int libopus_decode_init(AVCodecContext *avc)
         avc->channels = 2;
     }
 
+    avc->channels = avc->extradata_size >= 10 ? avc->extradata[9] : (avc->channels == 1) ? 1 : 2;
+    if (avc->channels <= 0) {
+        av_log(avc, AV_LOG_WARNING,
+               "Invalid number of channels %d, defaulting to stereo\n", avc->channels);
+        avc->channels = 2;
+    }
+
     avc->sample_rate    = 48000;
     avc->sample_fmt     = avc->request_sample_fmt == AV_SAMPLE_FMT_FLT ?
                           AV_SAMPLE_FMT_FLT : AV_SAMPLE_FMT_S16;