Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | 1 | gst-ffmpeg: aacdec: check channel count |
| 2 | |
| 3 | Prevent out of array accesses |
| 4 | |
| 5 | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind |
| 6 | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> |
| 7 | (cherry picked from commit 96f452ac647dae33c53c242ef3266b65a9beafb6) |
| 8 | |
| 9 | Upstream-Status: Backport |
| 10 | |
| 11 | Signed-off-by: Yue Tao <yue.tao@windriver.com> |
| 12 | --- |
| 13 | libavcodec/aacdec.c | 5 +++++ |
| 14 | 1 files changed, 5 insertions(+), 0 deletions(-) |
| 15 | |
| 16 | diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c |
| 17 | index 239153a..6c17c33 100644 |
| 18 | --- a/gst-libs/ext/libav/libavcodec/aacdec.c |
| 19 | +++ b/gst-libs/ext/libav/libavcodec/aacdec.c |
| 20 | @@ -914,6 +914,11 @@ static av_cold int aac_decode_init(AVCodecContext *avctx) |
| 21 | } |
| 22 | } |
| 23 | |
| 24 | + if (avctx->channels > MAX_CHANNELS) { |
| 25 | + av_log(avctx, AV_LOG_ERROR, "Too many channels\n"); |
| 26 | + return AVERROR_INVALIDDATA; |
| 27 | + } |
| 28 | + |
| 29 | AAC_INIT_VLC_STATIC( 0, 304); |
| 30 | AAC_INIT_VLC_STATIC( 1, 270); |
| 31 | AAC_INIT_VLC_STATIC( 2, 550); |
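Review bot: The bound check in aac_decode_init is placed after the block closed by the two `}` context lines, so any code in that earlier block that sizes or indexes by avctx->channels runs before the limit is enforced. If that block touches per-channel state, move the check above it. The test is also upper-bound only (`avctx->channels > MAX_CHANNELS`). Confirm that a negative channel count is rejected elsewhere, or extend the condition to cover it. The log line would be more useful for triage if it printed the offending value and the limit, for example "Too many channels (%d > %d)". Separately, the `diff --git` header and the diffstat name libavcodec/aacdec.c while the `---`/`+++` lines name gst-libs/ext/libav/libavcodec/aacdec.c. Make the paths consistent so the backport applies the same way under every patch tool.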
| 32 | -- |
| 33 | 1.7.5.4 |
| 34 | |