From 0634c5425306547e593bedbbbd2d982d7f0a27cf Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 13 Jan 2016 14:15:11 +0100
Subject: [PATCH] avcodec/aacenc: Fix NAN check

All MDCT outputs must be checked in case of 128point MDCTs
Fixes: out of array read
Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_351_52ca6226eb83547a2d26e322ce84ed84.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/aacenc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c
index 4b94f98823..127ad4a810 100644
--- a/libavcodec/aacenc.c
+++ b/libavcodec/aacenc.c
@@ -606,7 +606,15 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
                 s->mdct1024.mdct_calc(&s->mdct1024, sce->lcoeffs, sce->ret_buf);
             }
 
-            if (isnan(cpe->ch->coeffs[0])) {
+            if (isnan(cpe->ch->coeffs[0]) ||
+                isnan(cpe->ch->coeffs[  128]) ||
+                isnan(cpe->ch->coeffs[2*128]) ||
+                isnan(cpe->ch->coeffs[3*128]) ||
+                isnan(cpe->ch->coeffs[4*128]) ||
+                isnan(cpe->ch->coeffs[5*128]) ||
+                isnan(cpe->ch->coeffs[6*128]) ||
+                isnan(cpe->ch->coeffs[7*128])
+            ) {
                 av_log(avctx, AV_LOG_ERROR, "Input contains NaN\n");
                 return AVERROR(EINVAL);
             }