falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

rsd: limit number of channels 

Negative values don't make sense and too large values can cause
overflows. For AV_CODEC_ID_ADPCM_THP this leads to a too small extradata
buffer being allocated, causing out-of-bounds writes.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit ee5f0f1d35)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
tags/n3.1.6
Andreas Cadhalpun 9 years ago
parent
d69dc10466
commit
13f032abbb
1 changed files with 3 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -1
      libavformat/rsd.c

+ 3
- 1
libavformat/rsd.c View File

@@ -84,8 +84,10 @@ static int rsd_read_header(AVFormatContext *s)
}

par->channels = avio_rl32(pb);
if (!par->channels)
if (par->channels <= 0 || par->channels > INT_MAX / 36) {
av_log(s, AV_LOG_ERROR, "Invalid number of channels: %d\n", par->channels);
return AVERROR_INVALIDDATA;
}

avio_skip(pb, 4); // Bit depth
par->sample_rate = avio_rl32(pb);


Write Preview
Loading…
Cancel
Save