aac: check the maximum number of channels

Broken bitstreams could report a larger than specified number of channels and cause outbound writes. CC:libav-stable@libav.org
author: Luca Barbato <lu_zero@gentoo.org> 2013-04-27 18:20:47 +0200
committer: Luca Barbato <lu_zero@gentoo.org> 2013-04-28 00:40:33 +0200
commit: a943a132f36f4df8fe2f749744677b71984abce7 (patch)
tree: 2d18416369499c9c60eeb1bb612c33a887648cc3 /libavcodec/aacdec.c
parent: 1b6f84a98665a15130e969fd6b460a05d50090c1 (diff)
download: ffmpeg-a943a132f36f4df8fe2f749744677b71984abce7.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 102c3d5d11..3219ec6185 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -141,6 +141,8 @@ static av_cold int che_configure(AACContext *ac,
                                  enum ChannelPosition che_pos,
                                  int type, int id, int *channels)
 {
+    if (*channels >= MAX_CHANNELS)
+        return AVERROR_INVALIDDATA;
     if (che_pos) {
         if (!ac->che[type][id]) {
             if (!(ac->che[type][id] = av_mallocz(sizeof(ChannelElement))))
author	Luca Barbato <lu_zero@gentoo.org>	2013-04-27 18:20:47 +0200
committer	Luca Barbato <lu_zero@gentoo.org>	2013-04-28 00:40:33 +0200
commit	a943a132f36f4df8fe2f749744677b71984abce7 (patch)
tree	2d18416369499c9c60eeb1bb612c33a887648cc3 /libavcodec/aacdec.c
parent	1b6f84a98665a15130e969fd6b460a05d50090c1 (diff)
download	ffmpeg-a943a132f36f4df8fe2f749744677b71984abce7.tar.gz