[vlc-commits] caf: Reject samples without samplerate
Hugo Beauzée-Luyssen
git at videolan.org
Wed Aug 14 18:24:27 CEST 2019
vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Wed Jul 31 16:28:49 2019 +0200| [9df056b6d6acf78acd36ea699b4e0588988a8f66] | committer: Hugo Beauzée-Luyssen
caf: Reject samples without samplerate
Since the spec mandates it
CVE-2019-14498
(cherry picked from commit 56b21668e8d9384386cb037f3eb0b13dd6dae5b5)
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=9df056b6d6acf78acd36ea699b4e0588988a8f66
---
modules/demux/caf.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/demux/caf.c b/modules/demux/caf.c
index f1e6724c3c..fb75f67e61 100644
--- a/modules/demux/caf.c
+++ b/modules/demux/caf.c
@@ -506,6 +506,11 @@ static int ReadDescChunk( demux_t *p_demux )
return VLC_EGENERIC;
p_sys->fmt.audio.i_rate = (unsigned int)lround( d_rate );
+ if( !p_sys->fmt.audio.i_rate )
+ {
+ msg_Err( p_demux, "Sample rate must be non-zero" );
+ return VLC_EGENERIC;
+ }
p_sys->fmt.audio.i_channels = i_channels_per_frame;
p_sys->fmt.audio.i_bytes_per_frame = i_bytes_per_packet; /* "mBytesPerPacket" in Apple parlance */
p_sys->fmt.audio.i_frame_length = i_frames_per_packet; /* "mFramesPerPacket" in Apple parlance */
@@ -885,7 +890,7 @@ static int Open( vlc_object_t *p_this )
i_idx++;
}
- if ( !p_sys->i_data_offset || p_sys->fmt.i_cat != AUDIO_ES ||
+ if ( !p_sys->i_data_offset || p_sys->fmt.i_cat != AUDIO_ES || !p_sys->fmt.audio.i_rate ||
( NeedsPacketTable( p_sys ) && !p_sys->packet_table.i_descriptions_start ))
{
msg_Err( p_demux, "Did not find all necessary chunks." );
More information about the vlc-commits
mailing list