The values are written with avio_wl16 and if they don't fit into
uint16_t, this triggers an av_assert2 in avio_w8.
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
libavformat/matroskadec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 81dd53f..7af03c9 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1889,6 +1889,14 @@ static int matroska_parse_tracks(AVFormatContext *s)
NULL, NULL, NULL, NULL);
avio_write(&b, "TTA1", 4);
avio_wl16(&b, 1);
+ if (track->audio.channels > UINT16_MAX ||
+ track->audio.bitdepth > UINT16_MAX) {
+ av_log(matroska->ctx, AV_LOG_ERROR,
+ "Too large audio channel number %"PRIu64
+ " or bitdepth %"PRIu64".\n",
+ track->audio.channels, track->audio.bitdepth);
+ return AVERROR_INVALIDDATA;
+ }
avio_wl16(&b, track->audio.channels);
avio_wl16(&b, track->audio.bitdepth);
if (track->audio.out_samplerate < 0 || track->audio.out_samplerate
> INT_MAX)
--
2.1.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
