[FFmpeg-devel] [libav-devel] [PATCH] libopusdec: fix out-of-bounds read
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Nov 23 00:30:51 EET 2016
On 14.11.2016 21:55, Andreas Cadhalpun wrote:
> From d33ded293d15e8ceab666bea834d436f3a225bcc Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Mon, 14 Nov 2016 21:41:45 +0100
> Subject: [PATCH] libopusdec: default to stereo for invalid number of channels
>
> This fixes an out-of-bounds read if avc->channels is 0.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/libopusdec.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/libavcodec/libopusdec.c b/libavcodec/libopusdec.c
> index acc62f1..61f68ed 100644
> --- a/libavcodec/libopusdec.c
> +++ b/libavcodec/libopusdec.c
> @@ -47,6 +47,12 @@ static av_cold int libopus_decode_init(AVCodecContext *avc)
> int ret, channel_map = 0, gain_db = 0, nb_streams, nb_coupled;
> uint8_t mapping_arr[8] = { 0, 1 }, *mapping;
>
> + if (avc->channels <= 0) {
> + av_log(avc, AV_LOG_WARNING,
> + "Invalid number of channels %d, defaulting to stereo\n", avc->channels);
> + avc->channels = 2;
> + }
> +
> avc->sample_rate = 48000;
> avc->sample_fmt = avc->request_sample_fmt == AV_SAMPLE_FMT_FLT ?
> AV_SAMPLE_FMT_FLT : AV_SAMPLE_FMT_S16;
Ping. It would be good to have this fixed in 3.2.1.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list