ffmpeg | branch: master | James Almer <jamr...@gmail.com> | Thu Apr 4 13:25:55 2024 -0300| [45d2110fc72638c47a60b35511b4367fa65583cc] | committer: James Almer
avcodec/liblc3dec: sanitize channel count in avctx Should prevent out of array accesses. Signed-off-by: James Almer <jamr...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45d2110fc72638c47a60b35511b4367fa65583cc --- libavcodec/liblc3dec.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/liblc3dec.c b/libavcodec/liblc3dec.c index c0a31bc91f..90da28679b 100644 --- a/libavcodec/liblc3dec.c +++ b/libavcodec/liblc3dec.c @@ -46,6 +46,12 @@ static av_cold int liblc3_decode_init(AVCodecContext *avctx) if (avctx->extradata_size < 10) return AVERROR_INVALIDDATA; + if (channels < 0 || channels > DECODER_MAX_CHANNELS) { + av_log(avctx, AV_LOG_ERROR, + "Invalid number of channels %d. Max %d channels are accepted\n", + channels, DECODER_MAX_CHANNES); + return AVERROR(EINVAL); + } liblc3->frame_us = AV_RL16(avctx->extradata + 0) * 10; liblc3->srate_hz = avctx->sample_rate; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".