[FFmpeg-cvslog] aac: check the maximum number of channels

[Reinhard Tartler]

ffmpeg | branch: release/0.10 | Reinhard Tartler <siretart at tauware.de> | Tue May  7 07:13:50 2013 +0200| [a590979988b135db7c7260f6db2082e19a46609b] | committer: Reinhard Tartler

aac: check the maximum number of channels

Broken bitstreams could report a larger than specified number of
channels and cause outbound writes.

CC:libav-stable at libav.org
(cherry picked from commit a943a132f36f4df8fe2f749744677b71984abce7)

Signed-off-by: Luca Barbato <lu_zero at gentoo.org>

Conflicts:
	libavcodec/aacdec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a590979988b135db7c7260f6db2082e19a46609b
---

 libavcodec/aacdec.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 6478c77..24e6ca6 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -192,6 +192,8 @@ static av_cold int che_configure(AACContext *ac,
                                  enum ChannelPosition che_pos[4][MAX_ELEM_ID],
                                  int type, int id, int *channels)
 {
+    if (*channels >= MAX_CHANNELS)
+        return AVERROR_INVALIDDATA;
     if (che_pos[type][id]) {
         if (!ac->che[type][id]) {
             if (!(ac->che[type][id] = av_mallocz(sizeof(ChannelElement))))