shorten: validate that the channel count in the header is not <= 0

author Justin Ruggles <justin.ruggles@gmail.com>

Tue, 23 Oct 2012 04:40:51 +0000 (00:40 -0400)

committer Justin Ruggles <justin.ruggles@gmail.com>

Thu, 1 Nov 2012 15:29:18 +0000 (11:29 -0400)
author Justin Ruggles <justin.ruggles@gmail.com>
Tue, 23 Oct 2012 04:40:51 +0000 (00:40 -0400)
committer Justin Ruggles <justin.ruggles@gmail.com>
Thu, 1 Nov 2012 15:29:18 +0000 (11:29 -0400)
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c

index 1664a90..be2b8e2 100644 (file)
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -342,7 +342,7 @@ static int read_header(ShortenContext *s)
      s->internal_ftype = get_uint(s, TYPESIZE);
  
      s->channels = get_uint(s, CHANSIZE);
-    if (s->channels > MAX_CHANNELS) {
+    if (s->channels <= 0 || s->channels > MAX_CHANNELS) {
          av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels);
          return -1;
      }
author	Justin Ruggles <justin.ruggles@gmail.com>
	Tue, 23 Oct 2012 04:40:51 +0000 (00:40 -0400)
committer	Justin Ruggles <justin.ruggles@gmail.com>
	Thu, 1 Nov 2012 15:29:18 +0000 (11:29 -0400)