Quoting Andreas Cadhalpun (2016-11-14 20:30:10) > On 14.11.2016 00:01, Luca Barbato wrote: > > On 13/11/2016 19:23, Andreas Cadhalpun wrote: > >> avc->channels can be 0. > > > > 0 and less than zero shouldn't be an error? > > Such values should be rejected, wherever they are set. > However, ensuring that is a larger change I'm currently > working on. > Meanwhile, this patch is a trivial fix for the potential > security problem that can easily be backported.
channels being zero is perfectly valid, it means the caller does not know the channel count and expects the decoder to read it from the bitstream. This should fail for codecs that do not store this information in the bitstream, but work fine otherwise. In the case of opus, the channel count is always known -- when the extradata is present, the channel count is stored there. Otherwise the stream is simple and can be decoded either as mono or stereo, as we want. The patch does not seem to be doing the right thing -- I think it will simply fail on the opus_multistream_decoder_create() call. What it should do instead is just default to stereo. Even better, you could replace the whole extradata parsing block with a call to ff_opus_parse_extradata(), though that would require some refactoring. -- Anton Khirnov _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
