projects / platform / upstream / libav.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 335826c)
twinvq: validate sample rate code
authorJustin Ruggles <justin.ruggles@gmail.com>
Tue, 23 Oct 2012 17:17:50 +0000 (13:17 -0400)
committerJustin Ruggles <justin.ruggles@gmail.com>
Thu, 1 Nov 2012 15:29:19 +0000 (11:29 -0400)
A large invalid value could cause undefined behavior when left-shifted
by 8 later in the function.

libavcodec/twinvq.c patch | blob | history

diff --git a/libavcodec/twinvq.c b/libavcodec/twinvq.c
index 3159e49..7af370e 100644 (file)
--- a/libavcodec/twinvq.c
+++ b/libavcodec/twinvq.c
@@ -1120,6 +1120,11 @@ static av_cold int twin_decode_init(AVCodecContext *avctx)
     avctx->channels = AV_RB32(avctx->extradata    ) + 1;
     avctx->bit_rate = AV_RB32(avctx->extradata + 4) * 1000;
     isampf          = AV_RB32(avctx->extradata + 8);
+
+    if (isampf < 8 || isampf > 44) {
+        av_log(avctx, AV_LOG_ERROR, "Unsupported sample rate\n");
+        return AVERROR_INVALIDDATA;
+    }
     switch (isampf) {
     case 44: avctx->sample_rate = 44100;         break;
     case 22: avctx->sample_rate = 22050;         break;
Domain: Multimedia / Media Content;