lavc: check channel count after decoder init

Ensures the decoder did not set channel count to an insanely high value
during initialization, which could cause large memory usage when it tries to
get a buffer during decoding.

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index b4e7ed6b6bc81f073f71212a0dc5f2eeabd6f072..58dfe971e1be46a2f4331947415d33101032aaf3 100644 (file)
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -881,6 +881,11 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
                 avctx->channel_layout = 0;
             }
         }
+        if (avctx->channels && avctx->channels < 0 ||
+            avctx->channels > FF_SANE_NB_CHANNELS) {
+            ret = AVERROR(EINVAL);
+            goto free_and_end;
+        }
     }
 end:
     entangled_thread_counter--;