[FFmpeg-cvslog] avcodec/dcadec: Check nchans
Michael Niedermayer
git at videolan.org
Sat May 16 00:16:23 CEST 2015
ffmpeg | branch: release/2.6 | Michael Niedermayer <michaelni at gmx.at> | Thu May 14 20:49:25 2015 +0200| [3da0395b340bcab94264644a4c69b4b7e99e064b] | committer: Michael Niedermayer
avcodec/dcadec: Check nchans
Fixes CID1239110
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit a6a45774d045007f8262cd7c614804390e53122e)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3da0395b340bcab94264644a4c69b4b7e99e064b
---
libavcodec/dcadec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavcodec/dcadec.c b/libavcodec/dcadec.c
index d06e6d2..81d5032 100644
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@@ -226,6 +226,14 @@ static int dca_parse_audio_coding_header(DCAContext *s, int base_channel,
}
nchans = get_bits(&s->gb, 3) + 1;
+ if (xxch && nchans >= 3) {
+ av_log(s->avctx, AV_LOG_ERROR, "nchans %d is too large\n", nchans);
+ return AVERROR_INVALIDDATA;
+ } else if (nchans + base_channel > DCA_PRIM_CHANNELS_MAX) {
+ av_log(s->avctx, AV_LOG_ERROR, "channel sum %d + %d is too large\n", nchans, base_channel);
+ return AVERROR_INVALIDDATA;
+ }
+
s->total_channels = nchans + base_channel;
s->prim_channels = s->total_channels;
More information about the ffmpeg-cvslog
mailing list