ffmpeg | branch: master | Michael Niedermayer <michae...@gmx.at> | Wed Jul 8 04:23:45 2015 +0200| [e83ffb48aca607ae3ec057f81c3d2eff9c075782] | committer: Michael Niedermayer
avcodec/utils: Check values in apply_param_change() Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e83ffb48aca607ae3ec057f81c3d2eff9c075782 --- libavcodec/utils.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index b80b4e7..96f177d 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -2257,6 +2257,7 @@ static int apply_param_change(AVCodecContext *avctx, AVPacket *avpkt) int size = 0, ret; const uint8_t *data; uint32_t flags; + int64_t val; data = av_packet_get_side_data(avpkt, AV_PKT_DATA_PARAM_CHANGE, &size); if (!data) @@ -2277,7 +2278,12 @@ static int apply_param_change(AVCodecContext *avctx, AVPacket *avpkt) if (flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_COUNT) { if (size < 4) goto fail; - avctx->channels = bytestream_get_le32(&data); + val = bytestream_get_le32(&data); + if (val <= 0 || val > INT_MAX) { + av_log(avctx, AV_LOG_ERROR, "Invalid channel count"); + return AVERROR_INVALIDDATA; + } + avctx->channels = val; size -= 4; } if (flags & AV_SIDE_DATA_PARAM_CHANGE_CHANNEL_LAYOUT) { @@ -2289,7 +2295,12 @@ static int apply_param_change(AVCodecContext *avctx, AVPacket *avpkt) if (flags & AV_SIDE_DATA_PARAM_CHANGE_SAMPLE_RATE) { if (size < 4) goto fail; - avctx->sample_rate = bytestream_get_le32(&data); + val = bytestream_get_le32(&data); + if (val <= 0 || val > INT_MAX) { + av_log(avctx, AV_LOG_ERROR, "Invalid sample rate"); + return AVERROR_INVALIDDATA; + } + avctx->sample_rate = val; size -= 4; } if (flags & AV_SIDE_DATA_PARAM_CHANGE_DIMENSIONS) { _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
