From 3426d575bf46edc0f52d15f7e7c1d199e8688faa Mon Sep 17 00:00:00 2001 From: wg Date: Mon, 17 Dec 2007 10:41:47 +0000 Subject: [PATCH] Fix crash in PCM decoder when number of channels is not set. Patch by "wg": video06 malloc de See Issue298 Originally committed as revision 11249 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/pcm.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/pcm.c b/libavcodec/pcm.c index 560e2e3..c7a7e82 100644 --- a/libavcodec/pcm.c +++ b/libavcodec/pcm.c @@ -384,10 +384,14 @@ static int pcm_decode_frame(AVCodecContext *avctx, src = buf; n= av_get_bits_per_sample(avctx->codec_id)/8; - if((n && buf_size % n) || avctx->channels > MAX_CHANNELS){ + if(n && buf_size % n){ av_log(avctx, AV_LOG_ERROR, "invalid PCM packet\n"); return -1; } + if(avctx->channels <= 0 || avctx->channels > MAX_CHANNELS){ + av_log(avctx, AV_LOG_ERROR, "PCM channels out of bounds\n"); + return -1; + } buf_size= FFMIN(buf_size, *data_size/2); *data_size=0; -- 2.7.4