Message ID | 20240404162936.4581-1-jamrial@gmail.com |
---|---|
State | New |
Series | [FFmpeg-devel,1/2] avcodec/liblc3dec: sanitize channel count in avctx |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On date Thursday 2024-04-04 13:29:35 -0300, James Almer wrote: > Should prevent out of array accesses. > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > libavcodec/liblc3dec.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavcodec/liblc3dec.c b/libavcodec/liblc3dec.c > index c0a31bc91f..52364859d4 100644 > --- a/libavcodec/liblc3dec.c > +++ b/libavcodec/liblc3dec.c > @@ -46,6 +46,8 @@ static av_cold int liblc3_decode_init(AVCodecContext *avctx) > > if (avctx->extradata_size < 10) > return AVERROR_INVALIDDATA; > + if (channels < 0 || channels > DECODER_MAX_CHANNELS) > + return AVERROR_INVALIDDATA; add a log: av_log(avctx, AV_LOG_ERROR, "Invalid number of channels %d, max %d decoder channels are accepted\n", channels, DECODER_MAX_CHANNELS); > liblc3->frame_us = AV_RL16(avctx->extradata + 0) * 10; > liblc3->srate_hz = avctx->sample_rate; LGTM otherwise, thanks.
diff --git a/libavcodec/liblc3dec.c b/libavcodec/liblc3dec.c index c0a31bc91f..52364859d4 100644 --- a/libavcodec/liblc3dec.c +++ b/libavcodec/liblc3dec.c @@ -46,6 +46,8 @@ static av_cold int liblc3_decode_init(AVCodecContext *avctx) if (avctx->extradata_size < 10) return AVERROR_INVALIDDATA; + if (channels < 0 || channels > DECODER_MAX_CHANNELS) + return AVERROR_INVALIDDATA; liblc3->frame_us = AV_RL16(avctx->extradata + 0) * 10; liblc3->srate_hz = avctx->sample_rate;
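Review bot: The lower bound of the added check in liblc3_decode_init is `channels < 0`, so a count of exactly 0 still passes; if a zero-channel context is not meaningful for this decoder, `channels <= 0` would reject it at init along with the negative and over-limit cases. The rejection path also returns AVERROR_INVALIDDATA with no message, so a caller cannot tell this failure from the `extradata_size < 10` one directly above it; an av_log at AV_LOG_ERROR that reports the offending count and DECODER_MAX_CHANNELS would make it diagnosable.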
Should prevent out of array accesses. Signed-off-by: James Almer <jamrial@gmail.com> --- libavcodec/liblc3dec.c | 2 ++ 1 file changed, 2 insertions(+)