Supporting this would require re-initialization to change buffer sizes. This fixes out of bounds reads.
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavcodec/alsdec.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index ebd364e..5efa0cc 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -193,6 +193,7 @@ typedef struct ALSDecContext {
 ALSSpecificConfig sconf;
 GetBitContext gb;
 BswapDSPContext bdsp;
+ int channels;
 const AVCRC *crc_table;
 uint32_t crc_org; ///< CRC value of the original input data
 uint32_t crc; ///< CRC value calculated from decoded data
@@ -1515,6 +1516,13 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr,
 int invalid_frame, ret;
 unsigned int c, sample, ra_frame, bytes_read, shift;
+ if (avctx->channels != ctx->channels) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Changing the number of channels from %d to %d requires re-initialization.\n",
+ ctx->channels, avctx->channels);
+ return AVERROR_PATCHWELCOME;
+ }
+
 if ((ret = init_get_bits8(&ctx->gb, buffer, buffer_size)) < 0)
 return ret;
@@ -1793,6 +1801,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
 channel_size = sconf->frame_length + sconf->max_order;
+ ctx->channels = avctx->channels;
 ctx->prev_raw_samples = av_malloc_array(sconf->max_order, sizeof(*ctx->prev_raw_samples));
 ctx->raw_buffer = av_mallocz_array(avctx->channels * channel_size, sizeof(*ctx->raw_buffer));
 ctx->raw_samples = av_malloc_array(avctx->channels, sizeof(*ctx->raw_samples));
--
2.6.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
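Review bot: The new `channels` member of ALSDecContext (first hunk, at -193) carries no description, while the neighbouring `crc_org` and `crc` members have `///<` comments, and its relation to `avctx->channels` is not obvious from the name alone. I would document it as `int channels; ///< channel count the per-channel buffers were allocated for in decode_init()`. The struct definition starts and ends outside the hunk.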
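Review bot: The guard added at the top of decode_frame() (second hunk, at -1515) compares the channel counts once on entry, but the rest of the function lies outside the hunk and presumably still bounds its per-channel buffer accesses by `avctx->channels`, a field the decoder context does not own. Taking those bounds from `ctx->channels`, the value recorded in decode_init(), would tie every index to the allocation size instead of relying on this single entry check. The block would also benefit from a comment stating the invariant, for example `/* per-channel buffers are sized for ctx->channels in decode_init(); a different count would index past them */`. A stream whose count stays mismatched will emit this AV_LOG_ERROR message on every packet, which may be worth rate-limiting or logging once.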
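Review bot: In the decode_init() hunk (third hunk, at -1793) the new `ctx->channels` is recorded, yet the allocations directly below it still size themselves from `avctx->channels`, so the invariant that the buffers hold `ctx->channels` channels is only implicit. Sizing from the recorded value, e.g. `ctx->raw_samples = av_malloc_array(ctx->channels, sizeof(*ctx->raw_samples));`, makes the guard in decode_frame() and the allocation refer to the same variable. Separately, `avctx->channels * channel_size` in the `raw_buffer` line is multiplied before `av_mallocz_array()` receives it, so the allocator's own overflow check does not cover that product. Unless both factors are bounded earlier in decode_init() (not visible here), the product should be range-checked before the call. The function starts and ends outside the hunk.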