Displaying 1 result from an estimated 1 matches for "read_u16_be".
2015 Feb 19
0
[PATCH] oggenc: validate count of channels in the header
...n)
aiff_fmt format;
aifffile *aiff = malloc(sizeof(aifffile));
int i;
+ long channels;
if(buf[11]=='C')
aifc=1;
@@ -277,11 +279,17 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
return 0;
}
- format.channels = READ_U16_BE(buffer);
+ format.channels = channels = READ_U16_BE(buffer);
format.totalframes = READ_U32_BE(buffer+2);
format.samplesize = READ_U16_BE(buffer+6);
format.rate = (int)read_IEEE80(buffer+8);
+ if(channels <= 0L || SHRT_MAX < channels)
+ {
+ fprintf(stderr, _(&q...