[FFmpeg-cvslog] shorten: dont leave invalid channel counts in the context.

Michael Niedermayer git at videolan.org
Wed Feb 13 01:16:01 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Feb 13 01:03:30 2013 +0100| [4f1279154ee9baf2078241bf5619774970d18b25] | committer: Michael Niedermayer

shorten: dont leave invalid channel counts in the context.

Fixes freeing invalid addresses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f1279154ee9baf2078241bf5619774970d18b25
---

 libavcodec/shorten.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 804dac7..3dda56f 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -343,6 +343,7 @@ static int read_header(ShortenContext *s)
     s->channels = get_uint(s, CHANSIZE);
     if (s->channels <= 0 || s->channels > MAX_CHANNELS) {
         av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels);
+        s->channels = 0;
         return AVERROR_INVALIDDATA;
     }
     s->avctx->channels = s->channels;



More information about the ffmpeg-cvslog mailing list