[FFmpeg-devel] [PATCH] lavc/libopusdec.c Fix ff_vorbis_channel_layouts OOB
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Thu Dec 15 03:43:36 EET 2016
On 15.12.2016 00:39, Matthew Wolenetz wrote:
> From 141e56ccf7fc56646424484d357b6c74a486d2e2 Mon Sep 17 00:00:00 2001
> From: Matt Wolenetz <wolenetz at chromium.org>
> Date: Mon, 21 Nov 2016 17:30:50 -0800
> Subject: [PATCH] lavc/libopusdec.c Fix ff_vorbis_channel_layouts OOB
>
> Similar to existing lavc/vorbisdec.c code which first checks that
> avc->channels is valid for accessing ff_vorbis_channel_layouts, this
> change adds protection to libopusdec.c to prevent accessing that
> array with a negative index. Reference https://crbug.com/666794.
> ---
> libavcodec/libopusdec.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/libopusdec.c b/libavcodec/libopusdec.c
> index acc62f1..c2c7adc 100644
> --- a/libavcodec/libopusdec.c
> +++ b/libavcodec/libopusdec.c
> @@ -50,6 +50,10 @@ static av_cold int libopus_decode_init(AVCodecContext *avc)
> avc->sample_rate = 48000;
> avc->sample_fmt = avc->request_sample_fmt == AV_SAMPLE_FMT_FLT ?
> AV_SAMPLE_FMT_FLT : AV_SAMPLE_FMT_S16;
> + if (avc->channels <= 0) {
> + av_log(avc, AV_LOG_ERROR, "Invalid number of channels\n");
> + return AVERROR(EINVAL);
> + }
> avc->channel_layout = avc->channels > 8 ? 0 :
> ff_vorbis_channel_layouts[avc->channels - 1];
>
What version of ffmpeg is this based on?
I'm pretty sure I fixed this issue with commit
8c8f543b81aa2b50bb6a6cfd370a0061281492a3.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list