Browse code
shorten: dont leave invalid channel counts in the context.
Fixes freeing invalid addresses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2013/02/13 09:03:30Showing 1 changed files
| ... | ... |
@@ -343,6 +343,7 @@ static int read_header(ShortenContext *s) |
| 343 | 343 |
s->channels = get_uint(s, CHANSIZE); |
| 344 | 344 |
if (s->channels <= 0 || s->channels > MAX_CHANNELS) {
|
| 345 | 345 |
av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels); |
| 346 |
+ s->channels = 0; |
|
| 346 | 347 |
return AVERROR_INVALIDDATA; |
| 347 | 348 |
} |
| 348 | 349 |
s->avctx->channels = s->channels; |