From cf1a259ad6eb7ad80fce1f2c2b86fda846e401c2 Mon Sep 17 00:00:00 2001
From: Justin Ruggles <justin.ruggles@gmail.com>
Date: Fri, 6 Jan 2012 16:01:07 -0500
Subject: [PATCH] g722enc: validate AVCodecContext.trellis

---
 libavcodec/g722enc.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libavcodec/g722enc.c b/libavcodec/g722enc.c
index ceb18b46dba..1cb00706492 100644
--- a/libavcodec/g722enc.c
+++ b/libavcodec/g722enc.c
@@ -36,6 +36,11 @@
    problems, so we limit it to a reasonable value */
 #define MAX_FRAME_SIZE 32768
 
+/* We clip the value of avctx->trellis to prevent data type overflows and
+   undefined behavior. Using larger values is insanely slow anyway. */
+#define MIN_TRELLIS 0
+#define MAX_TRELLIS 16
+
 static av_cold int g722_encode_init(AVCodecContext * avctx)
 {
     G722Context *c = avctx->priv_data;
@@ -83,6 +88,17 @@ static av_cold int g722_encode_init(AVCodecContext * avctx)
         avctx->frame_size = 320;
     }
 
+    if (avctx->trellis) {
+        /* validate trellis */
+        if (avctx->trellis < MIN_TRELLIS || avctx->trellis > MAX_TRELLIS) {
+            int new_trellis = av_clip(avctx->trellis, MIN_TRELLIS, MAX_TRELLIS);
+            av_log(avctx, AV_LOG_WARNING, "Requested trellis value is not "
+                   "allowed. Using %d instead of %d\n", new_trellis,
+                   avctx->trellis);
+            avctx->trellis = new_trellis;
+        }
+    }
+
     return 0;
 }
 
-- 
GitLab