[vlc-commits] caf: Reject samples without samplerate

Hugo Beauzée-Luyssen git at videolan.org
Wed Aug 14 18:13:27 CEST 2019


vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Wed Jul 31 16:28:49 2019 +0200| [56b21668e8d9384386cb037f3eb0b13dd6dae5b5] | committer: Hugo Beauzée-Luyssen

caf: Reject samples without samplerate

Since the spec mandates it
CVE-2019-14498

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=56b21668e8d9384386cb037f3eb0b13dd6dae5b5
---

 modules/demux/caf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/demux/caf.c b/modules/demux/caf.c
index 875a1e1ba8..77b687e4b3 100644
--- a/modules/demux/caf.c
+++ b/modules/demux/caf.c
@@ -505,6 +505,11 @@ static int ReadDescChunk( demux_t *p_demux )
         return VLC_EGENERIC;
 
     p_sys->fmt.audio.i_rate = (unsigned int)lround( d_rate );
+    if( !p_sys->fmt.audio.i_rate )
+    {
+        msg_Err( p_demux, "Sample rate must be non-zero" );
+        return VLC_EGENERIC;
+    }
     p_sys->fmt.audio.i_channels = i_channels_per_frame;
     p_sys->fmt.audio.i_bytes_per_frame = i_bytes_per_packet; /* "mBytesPerPacket" in Apple parlance */
     p_sys->fmt.audio.i_frame_length = i_frames_per_packet; /* "mFramesPerPacket" in Apple parlance */
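
Review bot: the new `if( !p_sys->fmt.audio.i_rate )` test in ReadDescChunk() runs on the value after `(unsigned int)lround( d_rate )`, so it only rejects rates that round to zero. Unless the check just above this hunk already covers it, a negative or non-finite `d_rate` still gets through: lround() has no defined result for NaN or out-of-range input, and a negative result becomes a large unsigned rate after the cast. Consider validating `d_rate` itself before the conversion (finite, positive, and within the range of `unsigned int`), keeping the zero test as the final guard. The message "Sample rate must be non-zero" could also log the offending value to make malformed files easier to triage.
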
@@ -884,7 +889,7 @@ static int Open( vlc_object_t *p_this )
         i_idx++;
     }
 
-    if ( !p_sys->i_data_offset || p_sys->fmt.i_cat != AUDIO_ES ||
+    if ( !p_sys->i_data_offset || p_sys->fmt.i_cat != AUDIO_ES || !p_sys->fmt.audio.i_rate ||
         ( NeedsPacketTable( p_sys ) && !p_sys->packet_table.i_descriptions_start ))
     {
         msg_Err( p_demux, "Did not find all necessary chunks." );
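
Review bot: the `!p_sys->fmt.audio.i_rate` term added to the `if` in Open() has no comment saying which case it covers now that ReadDescChunk() already fails on a zero rate. If it is meant to catch a file where the description chunk never set a rate, say so in a short comment, because the error text stays "Did not find all necessary chunks." and a reader cannot tell from the log which of the four conditions fired. The condition line also runs well past the length of the lines around it; putting the new term on its own line would keep the check readable.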


