avcodec/sonic: More completely check sample_rate_index and channels
authorMichael Niedermayer <michaelni@gmx.at>
Fri, 15 May 2015 15:31:58 +0000 (17:31 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Mon, 1 Jun 2015 21:25:21 +0000 (23:25 +0200)
Fixes CID1271783

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ade8a46154cb45c88b1cb5c616eaa6320c941187)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/sonic.c

index 81fe1ef..3db77f3 100644 (file)
@@ -883,13 +883,19 @@ static av_cold int sonic_decode_init(AVCodecContext *avctx)
 
     if (s->version >= 1)
     {
+        int sample_rate_index;
         s->channels = get_bits(&gb, 2);
-        s->samplerate = samplerate_table[get_bits(&gb, 4)];
+        sample_rate_index = get_bits(&gb, 4);
+        if (sample_rate_index >= FF_ARRAY_ELEMS(samplerate_table)) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid sample_rate_index %d\n", sample_rate_index);
+            return AVERROR_INVALIDDATA;
+        }
+        s->samplerate = samplerate_table[sample_rate_index];
         av_log(avctx, AV_LOG_INFO, "Sonicv2 chans: %d samprate: %d\n",
             s->channels, s->samplerate);
     }
 
-    if (s->channels > MAX_CHANNELS)
+    if (s->channels > MAX_CHANNELS || s->channels < 1)
     {
         av_log(avctx, AV_LOG_ERROR, "Only mono and stereo streams are supported by now\n");
         return AVERROR_INVALIDDATA;