[FFmpeg-devel] [PATCH 1/3] avcodec/alsdec: Limit maximum channels to 64
Michael Niedermayer
michael at niedermayer.cc
Mon Aug 19 02:30:52 EEST 2019
There seems to be no limit in the specification and upto 64k could be stored
64 is chooses as limit as thats also used for AAC and is what a int64 mask
can handle
An alternative to this patch would be a max_channels variable
Fixes: OOM
Fixes: 16200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5764788793114624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/alsdec.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 26c496c769..425cf73be9 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -43,6 +43,8 @@
#include <stdint.h>
+#define MAX_CHANNELS 64
+
/** Rice parameters and corresponding index offsets for decoding the
* indices of scaled PARCOR values. The table chosen is set globally
* by the encoder and stored in ALSSpecificConfig.
@@ -348,6 +350,11 @@ static av_cold int read_specific_config(ALSDecContext *ctx)
if (als_id != MKBETAG('A','L','S','\0'))
return AVERROR_INVALIDDATA;
+ if (avctx->channels > MAX_CHANNELS) {
+ avpriv_request_sample(avctx, "Huge number of channels\n");
+ return AVERROR_PATCHWELCOME;
+ }
+
ctx->cur_frame_length = sconf->frame_length;
// read channel config
--
2.22.1
More information about the ffmpeg-devel
mailing list