[libav-stable] aac: check the maximum number of channels

Luca Barbato git at libav.org
Sun Apr 28 00:41:34 CEST 2013


Module: libav
Branch: master
Commit: a943a132f36f4df8fe2f749744677b71984abce7

Author:    Luca Barbato <lu_zero at gentoo.org>
Committer: Luca Barbato <lu_zero at gentoo.org>
Date:      Sat Apr 27 18:20:47 2013 +0200

aac: check the maximum number of channels

Broken bitstreams could report a larger than specified number of
channels and cause outbound writes.

CC:libav-stable at libav.org

---

 libavcodec/aacdec.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 102c3d5..3219ec6 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -141,6 +141,8 @@ static av_cold int che_configure(AACContext *ac,
                                  enum ChannelPosition che_pos,
                                  int type, int id, int *channels)
 {
+    if (*channels >= MAX_CHANNELS)
+        return AVERROR_INVALIDDATA;
     if (che_pos) {
         if (!ac->che[type][id]) {
             if (!(ac->che[type][id] = av_mallocz(sizeof(ChannelElement))))



More information about the libav-stable mailing list