Check validity of channels & samplerate.

This may be security relevant. Based on 2 patches by chrome. Originally committed as revision 19975 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Michael Niedermayer <michaelni@gmx.at> 2009-09-23 07:46:51 +0000
committer: Michael Niedermayer <michaelni@gmx.at> 2009-09-23 07:46:51 +0000
commit: 9062cd354475754bdaaccc198a27e1728f47d5b7 (patch)
tree: 9cd1953c9196a59c207cb0ef79ddefa6eef3e1bc
parent: 428984b041092de3fb1bde07bf8d32383808a0e9 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index 840207c79f..00542b9596 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -848,8 +848,16 @@ static int vorbis_parse_id_hdr(vorbis_context *vc){
     }
 
     vc->version=get_bits_long(gb, 32);    //FIXME check 0
-    vc->audio_channels=get_bits(gb, 8);   //FIXME check >0
-    vc->audio_samplerate=get_bits_long(gb, 32);   //FIXME check >0
+    vc->audio_channels=get_bits(gb, 8);
+    if(vc->audio_channels <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n");
+        return -1;
+    }
+    vc->audio_samplerate=get_bits_long(gb, 32);
+    if(vc->audio_samplerate <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n");
+        return -1;
+    }
     vc->bitrate_maximum=get_bits_long(gb, 32);
     vc->bitrate_nominal=get_bits_long(gb, 32);
     vc->bitrate_minimum=get_bits_long(gb, 32);
author	Michael Niedermayer <michaelni@gmx.at>	2009-09-23 07:46:51 +0000
committer	Michael Niedermayer <michaelni@gmx.at>	2009-09-23 07:46:51 +0000
commit	9062cd354475754bdaaccc198a27e1728f47d5b7 (patch)
tree	9cd1953c9196a59c207cb0ef79ddefa6eef3e1bc
parent	428984b041092de3fb1bde07bf8d32383808a0e9 (diff)