# HG changeset patch
# User ramiro
# Date 1240353170 0
# Node ID 2aabf1a58f196c52ce84273045eb67d206dc0c65
# Parent  19a70bcc2220f92b3730a8e9bfa66282bb2f0cc4
mlpdec: Validate num_primitive_matrices.

diff -r 19a70bcc2220 -r 2aabf1a58f19 mlp.h
--- a/mlp.h	Tue Apr 21 22:12:30 2009 +0000
+++ b/mlp.h	Tue Apr 21 22:32:50 2009 +0000
@@ -35,6 +35,8 @@
 /** Maximum number of matrices used in decoding; most streams have one matrix
  *  per output channel, but some rematrix a channel (usually 0) more than once.
  */
+#define MAX_MATRICES_MLP            6
+#define MAX_MATRICES_TRUEHD         8
 #define MAX_MATRICES        15
 
 /** Maximum number of substreams that can be decoded.
diff -r 19a70bcc2220 -r 2aabf1a58f19 mlpdec.c
--- a/mlpdec.c	Tue Apr 21 22:12:30 2009 +0000
+++ b/mlpdec.c	Tue Apr 21 22:32:50 2009 +0000
@@ -527,6 +527,9 @@
 {
     SubStream *s = &m->substream[substr];
     unsigned int mat, ch;
+    const int max_primitive_matrices = m->avctx->codec_id == CODEC_ID_MLP
+                                     ? MAX_MATRICES_MLP
+                                     : MAX_MATRICES_TRUEHD;
 
     if (m->matrix_changed++ > 1) {
         av_log(m->avctx, AV_LOG_ERROR, "Matrices may change only once per access unit.\n");
@@ -535,6 +538,13 @@
 
     s->num_primitive_matrices = get_bits(gbp, 4);
 
+    if (s->num_primitive_matrices > max_primitive_matrices) {
+        av_log(m->avctx, AV_LOG_ERROR,
+               "Number of primitive matrices cannot be greater than %d.\n",
+               max_primitive_matrices);
+        return -1;
+    }
+
     for (mat = 0; mat < s->num_primitive_matrices; mat++) {
         int frac_bits, max_chan;
         s->matrix_out_ch[mat] = get_bits(gbp, 4);