[FFmpeg-devel] [PATCH 2/4] aacdec_usac: error out on too many elements
Lynne
dev at lynne.ee
Mon Jun 3 00:54:27 EEST 2024
USAC supports up to 64 audio channels, but puts no limit on the total
number of extensions that may be present. Which may mean that there's
a single audio channel, with 65 thousand extension elements.
We assume that 64 elements is the maximum for now. So check the value.
---
libavcodec/aac/aacdec_usac.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/aac/aacdec_usac.c b/libavcodec/aac/aacdec_usac.c
index d98c014cf8..af3df3b449 100644
--- a/libavcodec/aac/aacdec_usac.c
+++ b/libavcodec/aac/aacdec_usac.c
@@ -393,6 +393,11 @@ int ff_aac_usac_config_decode(AACDecContext *ac, AVCodecContext *avctx,
/* UsacDecoderConfig */
elem_id[0] = elem_id[1] = elem_id[2] = 0;
usac->nb_elems = get_escaped_value(gb, 4, 8, 16) + 1;
+ if (usac->nb_elems > 64) {
+ av_log(ac->avctx, AV_LOG_ERROR, "Too many elements: %i\n",
+ usac->nb_elems);
+ return AVERROR(EINVAL);
+ }
for (int i = 0; i < usac->nb_elems; i++) {
AACUsacElemConfig *e = &usac->elems[i];
--
2.43.0.381.gb435a96ce8
More information about the ffmpeg-devel
mailing list