[libav-devel] [PATCH 40/45] twinvq: validate sample rate code

Justin Ruggles Tue, 23 Oct 2012 14:44:55 -0700

A large invalid value could cause undefined behavior when left-shifted
by 8 later in the function.
---
 libavcodec/twinvq.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)


diff --git a/libavcodec/twinvq.c b/libavcodec/twinvq.c
index 3159e49..7af370e 100644
--- a/libavcodec/twinvq.c
+++ b/libavcodec/twinvq.c
@@ -1120,6 +1120,11 @@ static av_cold int twin_decode_init(AVCodecContext 
*avctx)
     avctx->channels = AV_RB32(avctx->extradata    ) + 1;
     avctx->bit_rate = AV_RB32(avctx->extradata + 4) * 1000;
     isampf          = AV_RB32(avctx->extradata + 8);
+
+    if (isampf < 8 || isampf > 44) {
+        av_log(avctx, AV_LOG_ERROR, "Unsupported sample rate\n");
+        return AVERROR_INVALIDDATA;
+    }
     switch (isampf) {
     case 44: avctx->sample_rate = 44100;         break;
     case 22: avctx->sample_rate = 22050;         break;
-- 
1.7.1

_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH 40/45] twinvq: validate sample rate code

Reply via email to