Fixes freeing invalid addresses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -343,6 +343,7 @@ static int read_header(ShortenContext *s) |
343 | 343 |
s->channels = get_uint(s, CHANSIZE); |
344 | 344 |
if (s->channels <= 0 || s->channels > MAX_CHANNELS) { |
345 | 345 |
av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels); |
346 |
+ s->channels = 0; |
|
346 | 347 |
return AVERROR_INVALIDDATA; |
347 | 348 |
} |
348 | 349 |
s->avctx->channels = s->channels; |