Commit b5f628e2 authored by Justin Ruggles's avatar Justin Ruggles

twinvq: validate sample rate code

A large invalid value could cause undefined behavior when left-shifted
by 8 later in the function.
parent 335826cf
...@@ -1120,6 +1120,11 @@ static av_cold int twin_decode_init(AVCodecContext *avctx) ...@@ -1120,6 +1120,11 @@ static av_cold int twin_decode_init(AVCodecContext *avctx)
avctx->channels = AV_RB32(avctx->extradata ) + 1; avctx->channels = AV_RB32(avctx->extradata ) + 1;
avctx->bit_rate = AV_RB32(avctx->extradata + 4) * 1000; avctx->bit_rate = AV_RB32(avctx->extradata + 4) * 1000;
isampf = AV_RB32(avctx->extradata + 8); isampf = AV_RB32(avctx->extradata + 8);
if (isampf < 8 || isampf > 44) {
av_log(avctx, AV_LOG_ERROR, "Unsupported sample rate\n");
return AVERROR_INVALIDDATA;
}
switch (isampf) { switch (isampf) {
case 44: avctx->sample_rate = 44100; break; case 44: avctx->sample_rate = 44100; break;
case 22: avctx->sample_rate = 22050; break; case 22: avctx->sample_rate = 22050; break;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment