Mercurial > libavcodec.hg

diff vorbis_dec.c @ 10231:e99054a89bfe libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check validity of channels & samplerate. This may be security relevant. Based on 2 patches by chrome.
author michael
date Wed, 23 Sep 2009 07:46:51 +0000
parents 38ab367d4231
children 1792a26c0bbb
line wrap: on
line diff
--- a/vorbis_dec.c	Wed Sep 23 05:38:12 2009 +0000
+++ b/vorbis_dec.c	Wed Sep 23 07:46:51 2009 +0000
@@ -848,8 +848,16 @@
     }
 
     vc->version=get_bits_long(gb, 32);    //FIXME check 0
-    vc->audio_channels=get_bits(gb, 8);   //FIXME check >0
-    vc->audio_samplerate=get_bits_long(gb, 32);   //FIXME check >0
+    vc->audio_channels=get_bits(gb, 8);
+    if(vc->audio_channels <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n");
+        return -1;
+    }
+    vc->audio_samplerate=get_bits_long(gb, 32);
+    if(vc->audio_samplerate <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n");
+        return -1;
+    }
     vc->bitrate_maximum=get_bits_long(gb, 32);
     vc->bitrate_nominal=get_bits_long(gb, 32);
     vc->bitrate_minimum=get_bits_long(gb, 32);