[FFmpeg-cvslog] lavc: check channel count after decoder init

Fri Nov 2 13:49:11 CET 2012

ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Tue Oct 23 00:56:00 2012 -0400| [0366664ef9af85ee052925f9a1a853d14d2f47a7] | committer: Justin Ruggles

lavc: check channel count after decoder init

Ensures the decoder did not set channel count to an insanely high value
during initialization, which could cause large memory usage when it tries to
get a buffer during decoding.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0366664ef9af85ee052925f9a1a853d14d2f47a7
---

 libavcodec/utils.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index b4e7ed6..58dfe97 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -881,6 +881,11 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
                 avctx->channel_layout = 0;
             }
         }
+        if (avctx->channels && avctx->channels < 0 ||
+            avctx->channels > FF_SANE_NB_CHANNELS) {
+            ret = AVERROR(EINVAL);
+            goto free_and_end;
+        }
     }
 end:
     entangled_thread_counter--;

