From 0366664ef9af85ee052925f9a1a853d14d2f47a7 Mon Sep 17 00:00:00 2001
From: Justin Ruggles <justin.ruggles@gmail.com>
Date: Tue, 23 Oct 2012 00:56:00 -0400
Subject: [PATCH] lavc: check channel count after decoder init

Ensures the decoder did not set channel count to an insanely high value
during initialization, which could cause large memory usage when it tries to
get a buffer during decoding.
---
 libavcodec/utils.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index b4e7ed6b6b..58dfe971e1 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -881,6 +881,11 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
                 avctx->channel_layout = 0;
             }
         }
+        if (avctx->channels && avctx->channels < 0 ||
+            avctx->channels > FF_SANE_NB_CHANNELS) {
+            ret = AVERROR(EINVAL);
+            goto free_and_end;
+        }
     }
 end:
     entangled_thread_counter--;
-- 
2.11.0