[FFmpeg-cvslog] avcodec/dcadec: Check nchans

Michael Niedermayer git at videolan.org
Tue Jun 2 00:50:12 CEST 2015


ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Thu May 14 20:49:25 2015 +0200| [c55a6bac6c3c976a2861faaa96634cdf2176f44c] | committer: Michael Niedermayer

avcodec/dcadec: Check nchans

Fixes CID1239110

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit a6a45774d045007f8262cd7c614804390e53122e)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c55a6bac6c3c976a2861faaa96634cdf2176f44c
---

 libavcodec/dcadec.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/dcadec.c b/libavcodec/dcadec.c
index 7d798b0..7cdf4b4 100644
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@@ -583,6 +583,14 @@ static int dca_parse_audio_coding_header(DCAContext *s, int base_channel,
     }
 
     nchans = get_bits(&s->gb, 3) + 1;
+    if (xxch && nchans >= 3) {
+        av_log(s->avctx, AV_LOG_ERROR, "nchans %d is too large\n", nchans);
+        return AVERROR_INVALIDDATA;
+    } else if (nchans + base_channel > DCA_PRIM_CHANNELS_MAX) {
+        av_log(s->avctx, AV_LOG_ERROR, "channel sum %d + %d is too large\n", nchans, base_channel);
+        return AVERROR_INVALIDDATA;
+    }
+
     s->total_channels = nchans + base_channel;
     s->prim_channels  = s->total_channels;
 



More information about the ffmpeg-cvslog mailing list