aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/vorbisdec.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2012-01-04 21:55:52 +0100
committerMichael Niedermayer <michaelni@gmx.at>2012-01-04 22:19:02 +0100
commit58afa73338489c0a89ee427ab02e592513fb1c59 (patch)
tree292270c94b9f777c0eb73ac487866a82c3acbfb5 /libavcodec/vorbisdec.c
parent68ee43468e1b9d36eb2ffe1d3294af0c0a7858e8 (diff)
downloadffmpeg-58afa73338489c0a89ee427ab02e592513fb1c59.tar.gz
vorbis: make sure ch is non zero before calling vorbis_residue_decode
This possibly makes part of the CVE-2011-3895 fix unneeded. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ff7f198d7f9504f71676327be0be47661cfe39d6) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/vorbisdec.c')
-rw-r--r--libavcodec/vorbisdec.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index c99401b2c6..4bd1cf22a3 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -1575,9 +1575,11 @@ static int vorbis_parse_audio_packet(vorbis_context *vc)
av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_floor_decode.\n");
return -1;
}
- ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left);
- if (ret < 0)
- return ret;
+ if (ch) {
+ ret = vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, vlen, ch_left);
+ if (ret < 0)
+ return ret;
+ }
ch_res_ptr += ch * vlen;
ch_left -= ch;