On Sat, 29 Sep 2012 11:45:56 -0400, Justin Ruggles <[email protected]> wrote: > If there is an error during frame parsing, but AVCodecContext.channels was > changed and AC3DecodeContext.out_channels was set previously, the two may not > match. > > Fixes CVE-2012-2802 > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > --- > libavcodec/ac3dec.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c > index 37426c6..12770db 100644 > --- a/libavcodec/ac3dec.c > +++ b/libavcodec/ac3dec.c > @@ -1369,6 +1369,7 @@ static int ac3_decode_frame(AVCodecContext * avctx, > void *data, > avctx->audio_service_type = AV_AUDIO_SERVICE_TYPE_KARAOKE; > > /* get output buffer */ > + avctx->channels = s->out_channels; > s->frame.nb_samples = s->num_blocks * 256; > if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) { > av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); > -- > 1.7.1 >
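
Review bot: The added `avctx->channels = s->out_channels;` line just before `get_buffer()` carries no comment saying why it is needed, and it sits under `/* get output buffer */` as if it were ordinary buffer setup. A one-line comment stating that it re-synchronises the two channel counts for the case the commit message describes (an error during frame parsing after `avctx->channels` was changed and `out_channels` was already set) would keep it from being dropped later as redundant. The assignment is also unconditional, so it overwrites `avctx->channels` on every decoded frame; the commit message should say that this is intended, or the value could instead be restored at the point in the error path where the two diverge.
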
Should be ok.

-- 
Anton Khirnov
