Check validity of channels & samplerate.
authorReinhard Tartler <siretart@tauware.de>
Wed, 24 Mar 2010 19:35:30 +0000 (19:35 +0000)
committerReinhard Tartler <siretart@tauware.de>
Wed, 24 Mar 2010 19:35:30 +0000 (19:35 +0000)
This may be security relevant.
Based on 2 patches by chrome.

backport r19975 by michael

Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

libavcodec/vorbis_dec.c

index 6cfdf48..9875657 100644 (file)
@@ -902,8 +902,16 @@ static int vorbis_parse_id_hdr(vorbis_context *vc){
     }
 
     vc->version=get_bits_long(gb, 32);    //FIXME check 0
-    vc->audio_channels=get_bits(gb, 8);   //FIXME check >0
-    vc->audio_samplerate=get_bits_long(gb, 32);   //FIXME check >0
+    vc->audio_channels=get_bits(gb, 8);
+    if(vc->audio_channels <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n");
+        return -1;
+    }
+    vc->audio_samplerate=get_bits_long(gb, 32);
+    if(vc->audio_samplerate <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n");
+        return -1;
+    }
     vc->bitrate_maximum=get_bits_long(gb, 32);
     vc->bitrate_nominal=get_bits_long(gb, 32);
     vc->bitrate_minimum=get_bits_long(gb, 32);