From 057549a9ccc9fd32df71678e6abe69e10668186a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 16 Jan 2016 18:32:07 +0100
Subject: avcodec/aacenc: Check both channels for finiteness

Fixes null pointer dereference
Fixes: 10412fc52ecc6eab40ed67f82ca7b372/signal_sigsegv_2618c99_2129_f808373959e46afb165593332799ffbc.aif

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/aacenc.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'libavcodec/aacenc.c')

diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c
index 2e0db7d91b..688b131818 100644
--- a/libavcodec/aacenc.c
+++ b/libavcodec/aacenc.c
@@ -607,14 +607,14 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
                 s->mdct1024.mdct_calc(&s->mdct1024, sce->lcoeffs, sce->ret_buf);
             }
 
-            if (!(isfinite(cpe->ch->coeffs[    0]) &&
-                  isfinite(cpe->ch->coeffs[  128]) &&
-                  isfinite(cpe->ch->coeffs[2*128]) &&
-                  isfinite(cpe->ch->coeffs[3*128]) &&
-                  isfinite(cpe->ch->coeffs[4*128]) &&
-                  isfinite(cpe->ch->coeffs[5*128]) &&
-                  isfinite(cpe->ch->coeffs[6*128]) &&
-                  isfinite(cpe->ch->coeffs[7*128]))
+            if (!(isfinite(cpe->ch[ch].coeffs[    0]) &&
+                  isfinite(cpe->ch[ch].coeffs[  128]) &&
+                  isfinite(cpe->ch[ch].coeffs[2*128]) &&
+                  isfinite(cpe->ch[ch].coeffs[3*128]) &&
+                  isfinite(cpe->ch[ch].coeffs[4*128]) &&
+                  isfinite(cpe->ch[ch].coeffs[5*128]) &&
+                  isfinite(cpe->ch[ch].coeffs[6*128]) &&
+                  isfinite(cpe->ch[ch].coeffs[7*128]))
             ) {
                 av_log(avctx, AV_LOG_ERROR, "Input contains NaN/+-Inf\n");
                 return AVERROR(EINVAL);
-- 
cgit v1.2.3