Check validity of channels & samplerate.

This may be security relevant. Based on 2 patches by chrome. backport r19975 by michael Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2025-01-19 05:49:09 +02:00 · 2010-03-24 19:35:30 +00:00 · 2010-03-24 19:35:30 +00:00 · 96ca078b22
commit 96ca078b22
parent 7fd4cbb519
1 changed files with 10 additions and 2 deletions
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@ -902,8 +902,16 @@ static int vorbis_parse_id_hdr(vorbis_context *vc){
    }

    vc->version=get_bits_long(gb, 32);    //FIXME check 0
-    vc->audio_channels=get_bits(gb, 8);   //FIXME check >0
-    vc->audio_samplerate=get_bits_long(gb, 32);   //FIXME check >0
+    vc->audio_channels=get_bits(gb, 8);
+    if(vc->audio_channels <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n");
+        return -1;
+    }
+    vc->audio_samplerate=get_bits_long(gb, 32);
+    if(vc->audio_samplerate <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n");
+        return -1;
+    }
    vc->bitrate_maximum=get_bits_long(gb, 32);
    vc->bitrate_nominal=get_bits_long(gb, 32);
    vc->bitrate_minimum=get_bits_long(gb, 32);