Check validity of channels & samplerate.

This may be security relevant.
Based on 2 patches by chrome.

backport r19975 by michael




Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

1 files changed, 10 insertions, 2 deletions

diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index 6cfdf48ee7..98756572bf 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -902,8 +902,16 @@ static int vorbis_parse_id_hdr(vorbis_context *vc){
     }
 
     vc->version=get_bits_long(gb, 32);    //FIXME check 0
-    vc->audio_channels=get_bits(gb, 8);   //FIXME check >0
-    vc->audio_samplerate=get_bits_long(gb, 32);   //FIXME check >0
+    vc->audio_channels=get_bits(gb, 8);
+    if(vc->audio_channels <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid number of channels\n");
+        return -1;
+    }
+    vc->audio_samplerate=get_bits_long(gb, 32);
+    if(vc->audio_samplerate <= 0){
+        av_log(vc->avccontext, AV_LOG_ERROR, "Invalid samplerate\n");
+        return -1;
+    }
     vc->bitrate_maximum=get_bits_long(gb, 32);
     vc->bitrate_nominal=get_bits_long(gb, 32);
     vc->bitrate_minimum=get_bits_long(gb, 32);