We do not support more channels. For example avcodec_open2() limits channels this way too
The example file contains multiple chunks with over 16 million channels Fixes: Timeout / DOS Fixes: 67143/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-4858720481771520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/mov_chan.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/mov_chan.c b/libavformat/mov_chan.c index cc5b3331290..2cc6b2a7797 100644 --- a/libavformat/mov_chan.c +++ b/libavformat/mov_chan.c @@ -30,6 +30,7 @@ #include "libavutil/channel_layout.h" #include "libavutil/mem.h" #include "libavcodec/codec_id.h" +#include "libavcodec/internal.h" #include "mov_chan.h" enum { @@ -549,6 +550,10 @@ int ff_mov_read_chan(AVFormatContext *s, AVIOContext *pb, AVStream *st, num_descr, nb_channels); num_descr = nb_channels; } + if (nb_channels > FF_SANE_NB_CHANNELS) { + ret = AVERROR(ENOTSUP); + goto out; + } av_channel_layout_uninit(ch_layout); ret = av_channel_layout_custom_init(ch_layout, nb_channels); -- 2.46.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
