[FFmpeg-devel] [libav-devel] [PATCH] libopusdec: fix out-of-bounds read

[Andreas Cadhalpun]

On 14.11.2016 00:01, Luca Barbato wrote:
> On 13/11/2016 19:23, Andreas Cadhalpun wrote:
>> avc->channels can be 0.
> 
> 0 and less than zero shouldn't be an error?

Such values should be rejected, wherever they are set.
However, ensuring that is a larger change I'm currently
working on.
Meanwhile, this patch is a trivial fix for the potential
security problem that can easily be backported.

Best regards,
Andreas