genh: prevent overflow during block alignment calculation
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Thu, 15 Dec 2016 01:14:40 +0000 (02:14 +0100)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Mon, 30 Jan 2017 00:40:48 +0000 (01:40 +0100)
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
libavformat/genh.c

index b683e02..dd4e76d 100644 (file)
@@ -20,6 +20,7 @@
  */
 
 #include "libavutil/intreadwrite.h"
+#include "libavcodec/internal.h"
 #include "avformat.h"
 #include "internal.h"
 
@@ -54,7 +55,7 @@ static int genh_read_header(AVFormatContext *s)
 
     st->codecpar->codec_type  = AVMEDIA_TYPE_AUDIO;
     st->codecpar->channels    = avio_rl32(s->pb);
-    if (st->codecpar->channels <= 0)
+    if (st->codecpar->channels <= 0 || st->codecpar->channels > FF_SANE_NB_CHANNELS)
         return AVERROR_INVALIDDATA;
     if (st->codecpar->channels == 1)
         st->codecpar->channel_layout = AV_CH_LAYOUT_MONO;