[FFmpeg-devel] libopusdec: fix out-of-bounds read

Message ID e68d7cb7-c995-c1f1-a6c0-096613b0ae2e@googlemail.com
State Superseded

Commit Message

Andreas Cadhalpun Nov. 13, 2016, 6:23 p.m. UTC
avc->channels can be 0.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/libopusdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Andreas Cadhalpun Nov. 14, 2016, 7:30 p.m. UTC | #1
On 14.11.2016 00:01, Luca Barbato wrote:
> On 13/11/2016 19:23, Andreas Cadhalpun wrote:
>> avc->channels can be 0.
> 
> 0 and less than zero shouldn't be an error?

Such values should be rejected, wherever they are set.
However, ensuring that is a larger change I'm currently
working on.
Meanwhile, this patch is a trivial fix for the potential
security problem that can easily be backported.

Best regards,
Andreas

Patch

diff --git a/libavcodec/libopusdec.c b/libavcodec/libopusdec.c
index acc62f1..505ed57 100644
--- a/libavcodec/libopusdec.c
+++ b/libavcodec/libopusdec.c
@@ -50,7 +50,7 @@  static av_cold int libopus_decode_init(AVCodecContext *avc)
     avc->sample_rate    = 48000;
     avc->sample_fmt     = avc->request_sample_fmt == AV_SAMPLE_FMT_FLT ?
                           AV_SAMPLE_FMT_FLT : AV_SAMPLE_FMT_S16;
-    avc->channel_layout = avc->channels > 8 ? 0 :
+    avc->channel_layout = (avc->channels > 8 || avc->channels < 1) ? 0 :
                           ff_vorbis_channel_layouts[avc->channels - 1];
 
     if (avc->extradata_size >= OPUS_HEAD_SIZE) {
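
Review bot: the added `avc->channels < 1` test on the `channel_layout` assignment keeps `ff_vorbis_channel_layouts[avc->channels - 1]` from being read at a negative index, but the function then continues into the `extradata_size` check with `avc->channels` still 0 or negative. Consider failing init at this point (for example with `AVERROR(EINVAL)`) rather than falling back to layout 0, or add a comment saying that the invalid count is expected to be rejected elsewhere. The commit message mentions only 0, while the condition also covers negative values; it would help to say so.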