adx: validate header values

author: Justin Ruggles <justin.ruggles@gmail.com> 2011-11-19 17:51:36 -0500
committer: Justin Ruggles <justin.ruggles@gmail.com> 2011-11-26 16:25:06 -0500
commit: e2d1eace00a80c4b53998397d38ea4e08c5d47f0 (patch)
tree: aad65fc23e9ceda55cc30787c47e10b34b76b4a3 /libavcodec/adxdec.c
parent: 8db67610c016d1aa8ed09643b1ee9b96f7b18c01 (diff)
download: ffmpeg-e2d1eace00a80c4b53998397d38ea4e08c5d47f0.tar.gz
1 files changed, 12 insertions, 5 deletions
diff --git a/libavcodec/adxdec.c b/libavcodec/adxdec.c
index 7d06d27a75..887c6d1404 100644
--- a/libavcodec/adxdec.c
+++ b/libavcodec/adxdec.c
@@ -93,7 +93,7 @@ static void adx_decode_stereo(int16_t *out,const uint8_t *in,
  * @param avctx   codec context
  * @param buf     packet data
  * @param bufsize packet size
- * @return data offset or 0 if header is invalid
+ * @return data offset or negative error code if header is invalid
  */
 static int adx_decode_header(AVCodecContext *avctx, const uint8_t *buf,
                              int bufsize)
@@ -101,13 +101,18 @@ static int adx_decode_header(AVCodecContext *avctx, const uint8_t *buf,
     int offset;
 
     if (buf[0] != 0x80)
-        return 0;
+        return AVERROR_INVALIDDATA;
     offset = (AV_RB32(buf) ^ 0x80000000) + 4;
     if (bufsize < offset || memcmp(buf + offset - 6, "(c)CRI", 6))
-        return 0;
+        return AVERROR_INVALIDDATA;
 
     avctx->channels    = buf[7];
+    if (avctx->channels > 2)
+        return AVERROR_INVALIDDATA;
     avctx->sample_rate = AV_RB32(buf + 8);
+    if (avctx->sample_rate < 1 ||
+        avctx->sample_rate > INT_MAX / (avctx->channels * 18 * 8))
+        return AVERROR_INVALIDDATA;
     avctx->bit_rate    = avctx->sample_rate * avctx->channels * 18 * 8 / 32;
 
     return offset;
@@ -125,8 +130,10 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
 
     if (!c->header_parsed) {
         int hdrsize = adx_decode_header(avctx, buf, rest);
-        if (!hdrsize)
-            return -1;
+        if (hdrsize < 0) {
+            av_log(avctx, AV_LOG_ERROR, "invalid stream header\n");
+            return hdrsize;
+        }
         c->header_parsed = 1;
         buf  += hdrsize;
         rest -= hdrsize;
author	Justin Ruggles <justin.ruggles@gmail.com>	2011-11-19 17:51:36 -0500
committer	Justin Ruggles <justin.ruggles@gmail.com>	2011-11-26 16:25:06 -0500
commit	e2d1eace00a80c4b53998397d38ea4e08c5d47f0 (patch)
tree	aad65fc23e9ceda55cc30787c47e10b34b76b4a3 /libavcodec/adxdec.c
parent	8db67610c016d1aa8ed09643b1ee9b96f7b18c01 (diff)
download	ffmpeg-e2d1eace00a80c4b53998397d38ea4e08c5d47f0.tar.gz