From 456a9392103f6ccd63173660804b1029052dc36c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Storsj=C3=B6?= <martin@martin.st>
Date: Thu, 19 Sep 2013 15:12:06 +0300
Subject: [PATCH] dca: Validate the lfe parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a9d50bb578ec04c085a25f1e023f75e0e4499d5e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
---
 libavcodec/dca.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/dca.c b/libavcodec/dca.c
index 169c9b41b9..4d71812d88 100644
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -578,6 +578,11 @@ static int dca_parse_frame_header(DCAContext *s)
     s->lfe               = get_bits(&s->gb, 2);
     s->predictor_history = get_bits(&s->gb, 1);
 
+    if (s->lfe > 2) {
+        av_log(s->avctx, AV_LOG_ERROR, "Invalid LFE value: %d\n", s->lfe);
+        return AVERROR_INVALIDDATA;
+    }
+
     /* TODO: check CRC */
     if (s->crc_present)
         s->header_crc    = get_bits(&s->gb, 16);