vqf: Make sure the bitrate is in the valid range
authorMartin Storsjö <martin@martin.st>
Sat, 28 Sep 2013 20:19:10 +0000 (23:19 +0300)
committerLuca Barbato <lu_zero@gentoo.org>
Tue, 7 Jan 2014 08:43:57 +0000 (09:43 +0100)
Even if the sample rate is valid, an invalid bitrate could
pass the mode combination test below.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 68ff9981283a56c731f00c2ee7901103665092fc)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 60701469ab9f526841ae81444236425f87916adb)

libavformat/vqf.c

index a9b5ce7..253ddec 100644 (file)
@@ -182,6 +182,13 @@ static int vqf_read_header(AVFormatContext *s, AVFormatParameters *ap)
         break;
     }
 
+    if (read_bitrate / st->codec->channels <  8 ||
+        read_bitrate / st->codec->channels > 48) {
+        av_log(s, AV_LOG_ERROR, "Invalid bitrate per channel %d\n",
+               read_bitrate / st->codec->channels);
+        return AVERROR_INVALIDDATA;
+    }
+
     switch (((st->codec->sample_rate/1000) << 8) +
             read_bitrate/st->codec->channels) {
     case (11<<8) + 8 :