generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

shorten: set invalid channels count to 0

Browse Source 
Prevent the loop shorten_decode_close from writing and freeing out of
the array boundary.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

CC: libav-stable@libav.org

(cherry picked from commit c10da30d84)
This commit is contained in:
Michael Niedermayer
2013-03-05 15:13:04 +01:00
committed by Luca Barbato
parent 0cb3cab343
commit 21d568be17
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libavcodec/shorten.c
View File

@@ -345,6 +345,7 @@ static int read_header(ShortenContext *s)
s->channels = get_uint(s, CHANSIZE); s->channels = get_uint(s, CHANSIZE);
if (s->channels <= 0 || s->channels > MAX_CHANNELS) { if (s->channels <= 0 || s->channels > MAX_CHANNELS) {
av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels); av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels);
s->channels = 0;
return -1; return -1;
} }
s->avctx->channels = s->channels; s->avctx->channels = s->channels;