Since commit 676a395a aac->frame->data is not necessarily allocated at
the end of aac_decode_frame_int if avctx->channels is 0.
In this case a bogus frame without any data, but non-zero nb_samples is
returned.
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
libavcodec/aacdec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index d55df43..a405faf 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -3073,6 +3073,12 @@ static int aac_decode_frame_int(AVCodecContext *avctx,
void *data,
AV_WL32(side, 2*AV_RL32(side));
}
+ if (!ac->frame->data[0] && samples) {
+ av_log(avctx, AV_LOG_ERROR, "no frame data found\n");
+ err = AVERROR_INVALIDDATA;
+ goto fail;
+ }
+
*got_frame_ptr = !!samples;
if (samples) {
ac->frame->nb_samples = samples;
--
2.1.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
