generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

aac: check the maximum number of channels

Browse Source 
Broken bitstreams could report a larger than specified number of
channels and cause outbound writes.

CC:libav-stable@libav.org
(cherry picked from commit a943a132f3)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Conflicts:
	libavcodec/aacdec.c
This commit is contained in:
Reinhard Tartler
2013-05-07 07:13:50 +02:00
parent 053c19cd88
commit ade4f3e746
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/aacdec.c
View File

@@ -183,6 +183,8 @@ static av_cold int che_configure(AACContext *ac,
enum ChannelPosition che_pos[4][MAX_ELEM_ID], enum ChannelPosition che_pos[4][MAX_ELEM_ID],
int type, int id, int *channels) int type, int id, int *channels)
{ {
if (*channels >= MAX_CHANNELS)
return AVERROR_INVALIDDATA;
if (che_pos[type][id]) { if (che_pos[type][id]) {
if (!ac->che[type][id] && !(ac->che[type][id] = av_mallocz(sizeof(ChannelElement)))) if (!ac->che[type][id] && !(ac->che[type][id] = av_mallocz(sizeof(ChannelElement))))
return AVERROR(ENOMEM); return AVERROR(ENOMEM);