[FFmpeg-cvslog] avfilter/af_pan: check nb_output_channels before use

Michael Niedermayer git at videolan.org
Sun Jan 5 01:28:13 EET 2025


ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Mon Jun 10 23:41:07 2024 +0200| [511aa1819848635a0e11f60c106004837fc953d3] | committer: Michael Niedermayer

avfilter/af_pan: check nb_output_channels before use

Fixes: CID1500281 Out-of-bounds write
Fixes: CID1500331 Out-of-bounds write

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5fe8bf4aa51350b14d0babd47b0314232e703caf)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=511aa1819848635a0e11f60c106004837fc953d3
---

 libavfilter/af_pan.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
index 64d6a9371c..7116c8ba13 100644
--- a/libavfilter/af_pan.c
+++ b/libavfilter/af_pan.c
@@ -120,6 +120,14 @@ static av_cold int init(AVFilterContext *ctx)
     if (ret < 0)
         goto fail;
 
+    if (pan->nb_output_channels > MAX_CHANNELS) {
+        av_log(ctx, AV_LOG_ERROR,
+               "af_pan supports a maximum of %d channels. "
+               "Feel free to ask for a higher limit.\n", MAX_CHANNELS);
+        ret = AVERROR_PATCHWELCOME;
+        goto fail;
+    }
+
     /* parse channel specifications */
     while ((arg = arg0 = av_strtok(NULL, "|", &tokenizer))) {
         /* channel name */
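Review bot: The guard added before the "parse channel specifications" loop checks only the upper bound, `pan->nb_output_channels > MAX_CHANNELS`, and the hunk does not show the field's type or whether the preceding parse step can leave it at zero or negative. If the field is signed, consider rejecting values below 1 in the same condition so that later indexing by this count is bounded on both sides. The error message prints only MAX_CHANNELS; also logging the requested `pan->nb_output_channels` would make the failure easier to diagnose from user reports. Finally, the commit message cites the two Coverity IDs but not which array was written out of bounds; a one-line comment above the check naming the buffers sized by MAX_CHANNELS would keep the invariant visible if that code is refactored.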


