[FFmpeg-cvslog] avcodec/liblc3dec: sanitize channel count in avctx

Thu Apr 4 19:57:51 EEST 2024

ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Thu Apr  4 13:25:55 2024 -0300| [45d2110fc72638c47a60b35511b4367fa65583cc] | committer: James Almer

avcodec/liblc3dec: sanitize channel count in avctx

Should prevent out of array accesses.

Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45d2110fc72638c47a60b35511b4367fa65583cc
---

 libavcodec/liblc3dec.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/liblc3dec.c b/libavcodec/liblc3dec.c
index c0a31bc91f..90da28679b 100644
--- a/libavcodec/liblc3dec.c
+++ b/libavcodec/liblc3dec.c
@@ -46,6 +46,12 @@ static av_cold int liblc3_decode_init(AVCodecContext *avctx)
 
     if (avctx->extradata_size < 10)
         return AVERROR_INVALIDDATA;
+    if (channels < 0 || channels > DECODER_MAX_CHANNELS) {
+        av_log(avctx, AV_LOG_ERROR,
+               "Invalid number of channels %d. Max %d channels are accepted\n",
+               channels, DECODER_MAX_CHANNES);
+        return AVERROR(EINVAL);
+    }
 
     liblc3->frame_us = AV_RL16(avctx->extradata + 0) * 10;
     liblc3->srate_hz = avctx->sample_rate;

