Mercurial > libavcodec.hg
comparison vorbis_dec.c @ 10231:e99054a89bfe libavcodec
Check validity of channels & samplerate.
This may be security relevant.
Based on 2 patches by chrome.
| author | michael |
|---|---|
| date | Wed, 23 Sep 2009 07:46:51 +0000 |
| parents | 38ab367d4231 |
| children | 1792a26c0bbb |
comparison
equal
deleted
inserted
replaced
| 10230:afaf58d1e894 | 10231:e99054a89bfe |
|---|---|
| 846 av_log(vc->avccontext, AV_LOG_ERROR, " Vorbis id header packet corrupt (no vorbis signature). \n"); | 846 av_log(vc->avccontext, AV_LOG_ERROR, " Vorbis id header packet corrupt (no vorbis signature). \n"); |
| 847 return 1; | 847 return 1; |
| 848 } | 848 } |
| 849 | 849 |
| 850 vc->version=get_bits_long(gb, 32); //FIXME check 0 | 850 vc->version=get_bits_long(gb, 32); //FIXME check 0 |
| 851 vc->audio_channels=get_bits(gb, 8); //FIXME check >0 | 851 vc->audio_channels=get_bits(gb, 8); |
| 852 vc->audio_samplerate=get_bits_long(gb, 32); //FIXME check >0 | 852 if(vc->audio_channels <= 0){ |
| 853 av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n"); | |
| 854 return -1; | |
| 855 } | |
| 856 vc->audio_samplerate=get_bits_long(gb, 32); | |
| 857 if(vc->audio_samplerate <= 0){ | |
| 858 av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n"); | |
| 859 return -1; | |
| 860 } | |
| 853 vc->bitrate_maximum=get_bits_long(gb, 32); | 861 vc->bitrate_maximum=get_bits_long(gb, 32); |
| 854 vc->bitrate_nominal=get_bits_long(gb, 32); | 862 vc->bitrate_nominal=get_bits_long(gb, 32); |
| 855 vc->bitrate_minimum=get_bits_long(gb, 32); | 863 vc->bitrate_minimum=get_bits_long(gb, 32); |
| 856 bl0=get_bits(gb, 4); | 864 bl0=get_bits(gb, 4); |
| 857 bl1=get_bits(gb, 4); | 865 bl1=get_bits(gb, 4); |