[FFmpeg-cvslog] twinvq: validate sample rate code

Fri Nov 2 14:32:43 CET 2012

ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Tue Oct 23 13:17:50 2012 -0400| [b5f628e227743fc1725a28b5b21f538a40efca82] | committer: Justin Ruggles

twinvq: validate sample rate code

A large invalid value could cause undefined behavior when left-shifted
by 8 later in the function.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5f628e227743fc1725a28b5b21f538a40efca82
---

 libavcodec/twinvq.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/twinvq.c b/libavcodec/twinvq.c
index 3159e49..7af370e 100644
--- a/libavcodec/twinvq.c
+++ b/libavcodec/twinvq.c
@@ -1120,6 +1120,11 @@ static av_cold int twin_decode_init(AVCodecContext *avctx)
     avctx->channels = AV_RB32(avctx->extradata    ) + 1;
     avctx->bit_rate = AV_RB32(avctx->extradata + 4) * 1000;
     isampf          = AV_RB32(avctx->extradata + 8);
+
+    if (isampf < 8 || isampf > 44) {
+        av_log(avctx, AV_LOG_ERROR, "Unsupported sample rate\n");
+        return AVERROR_INVALIDDATA;
+    }
     switch (isampf) {
     case 44: avctx->sample_rate = 44100;         break;
     case 22: avctx->sample_rate = 22050;         break;

