avfilter/af_pan: check nb_output_channels before use

Fixes: CID1500281 Out-of-bounds write Fixes: CID1500331 Out-of-bounds write Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2024-06-10 23:41:07 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2024-07-07 23:36:28 +0200
commit: 5fe8bf4aa51350b14d0babd47b0314232e703caf (patch)
tree: 3d3cc2797fbf475ce075594e60caf3e9f8350fe2
parent: 2d0d502ff10378e545a1fe42a9503ab44d19fa67 (diff)
download: ffmpeg-5fe8bf4aa51350b14d0babd47b0314232e703caf.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
index 31c6be45c3..da32977c99 100644
--- a/libavfilter/af_pan.c
+++ b/libavfilter/af_pan.c
@@ -119,6 +119,14 @@ static av_cold int init(AVFilterContext *ctx)
     if (ret < 0)
         goto fail;
 
+    if (pan->nb_output_channels > MAX_CHANNELS) {
+        av_log(ctx, AV_LOG_ERROR,
+               "af_pan supports a maximum of %d channels. "
+               "Feel free to ask for a higher limit.\n", MAX_CHANNELS);
+        ret = AVERROR_PATCHWELCOME;
+        goto fail;
+    }
+
     /* parse channel specifications */
     while ((arg = arg0 = av_strtok(NULL, "|", &tokenizer))) {
         int used_in_ch[MAX_CHANNELS] = {0};
author	Michael Niedermayer <michael@niedermayer.cc>	2024-06-10 23:41:07 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2024-07-07 23:36:28 +0200
commit	5fe8bf4aa51350b14d0babd47b0314232e703caf (patch)
tree	3d3cc2797fbf475ce075594e60caf3e9f8350fe2
parent	2d0d502ff10378e545a1fe42a9503ab44d19fa67 (diff)
download	ffmpeg-5fe8bf4aa51350b14d0babd47b0314232e703caf.tar.gz