Check validity of channels & samplerate.

This may be security relevant. Based on 2 patches by chrome. backport r19975 by michael Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
author: Reinhard Tartler <siretart@tauware.de> 2010-03-24 19:35:30 +0000
committer: Reinhard Tartler <siretart@tauware.de> 2010-03-24 19:35:30 +0000
commit: 96ca078b22ad8bdb34444f4e56a79327faeaea65 (patch)
tree: ed2d8b8444b7415321181240f24472d7ffd962f6
parent: 7fd4cbb51973ccb061736e177584201a178f99ed (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index 6cfdf48ee7..98756572bf 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -902,8 +902,16 @@ static int vorbis_parse_id_hdr(vorbis_context *vc){
     }
 
     vc->version=get_bits_long(gb, 32);    //FIXME check 0
-    vc->audio_channels=get_bits(gb, 8);   //FIXME check >0
-    vc->audio_samplerate=get_bits_long(gb, 32);   //FIXME check >0
+    vc->audio_channels=get_bits(gb, 8);
+    if(vc->audio_channels <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n");
+        return -1;
+    }
+    vc->audio_samplerate=get_bits_long(gb, 32);
+    if(vc->audio_samplerate <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n");
+        return -1;
+    }
     vc->bitrate_maximum=get_bits_long(gb, 32);
     vc->bitrate_nominal=get_bits_long(gb, 32);
     vc->bitrate_minimum=get_bits_long(gb, 32);
author	Reinhard Tartler <siretart@tauware.de>	2010-03-24 19:35:30 +0000
committer	Reinhard Tartler <siretart@tauware.de>	2010-03-24 19:35:30 +0000
commit	96ca078b22ad8bdb34444f4e56a79327faeaea65 (patch)
tree	ed2d8b8444b7415321181240f24472d7ffd962f6
parent	7fd4cbb51973ccb061736e177584201a178f99ed (diff)