[vlc-commits] caf: Reject samples without samplerate
Hugo Beauzée-Luyssen
git at videolan.org
Wed Aug 14 18:13:27 CEST 2019
vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Wed Jul 31 16:28:49 2019 +0200| [56b21668e8d9384386cb037f3eb0b13dd6dae5b5] | committer: Hugo Beauzée-Luyssen
caf: Reject samples without samplerate
Since the spec mandates it
CVE-2019-14498
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=56b21668e8d9384386cb037f3eb0b13dd6dae5b5
---
modules/demux/caf.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/demux/caf.c b/modules/demux/caf.c
index 875a1e1ba8..77b687e4b3 100644
--- a/modules/demux/caf.c
+++ b/modules/demux/caf.c
@@ -505,6 +505,11 @@ static int ReadDescChunk( demux_t *p_demux )
return VLC_EGENERIC;
p_sys->fmt.audio.i_rate = (unsigned int)lround( d_rate );
+ if( !p_sys->fmt.audio.i_rate )
+ {
+ msg_Err( p_demux, "Sample rate must be non-zero" );
+ return VLC_EGENERIC;
+ }
p_sys->fmt.audio.i_channels = i_channels_per_frame;
p_sys->fmt.audio.i_bytes_per_frame = i_bytes_per_packet; /* "mBytesPerPacket" in Apple parlance */
p_sys->fmt.audio.i_frame_length = i_frames_per_packet; /* "mFramesPerPacket" in Apple parlance */
@@ -884,7 +889,7 @@ static int Open( vlc_object_t *p_this )
i_idx++;
}
- if ( !p_sys->i_data_offset || p_sys->fmt.i_cat != AUDIO_ES ||
+ if ( !p_sys->i_data_offset || p_sys->fmt.i_cat != AUDIO_ES || !p_sys->fmt.audio.i_rate ||
( NeedsPacketTable( p_sys ) && !p_sys->packet_table.i_descriptions_start ))
{
msg_Err( p_demux, "Did not find all necessary chunks." );
More information about the vlc-commits
mailing list