From 9062cd354475754bdaaccc198a27e1728f47d5b7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 23 Sep 2009 07:46:51 +0000 Subject: [PATCH] Check validity of channels & samplerate. This may be security relevant. Based on 2 patches by chrome. Originally committed as revision 19975 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/vorbis_dec.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c index 840207c79f..00542b9596 100644 --- a/libavcodec/vorbis_dec.c +++ b/libavcodec/vorbis_dec.c @@ -848,8 +848,16 @@ static int vorbis_parse_id_hdr(vorbis_context *vc){ } vc->version=get_bits_long(gb, 32); //FIXME check 0 - vc->audio_channels=get_bits(gb, 8); //FIXME check >0 - vc->audio_samplerate=get_bits_long(gb, 32); //FIXME check >0 + vc->audio_channels=get_bits(gb, 8); + if(vc->audio_channels <= 0){ + av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n"); + return -1; + } + vc->audio_samplerate=get_bits_long(gb, 32); + if(vc->audio_samplerate <= 0){ + av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n"); + return -1; + } vc->bitrate_maximum=get_bits_long(gb, 32); vc->bitrate_nominal=get_bits_long(gb, 32); vc->bitrate_minimum=get_bits_long(gb, 32);