libtta 2.3 has a limit of 6 channels, so 16 is substantially above the "official" already
Fixes: OOM
Fixes: 15249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5643988125614080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
s->data_length = get_bits_long(&gb, 32);
skip_bits_long(&gb, 32); // CRC32 of header
- if (s->channels == 0) {
+ if (s->channels == 0 || s->channels > 16) {
av_log(avctx, AV_LOG_ERROR, "Invalid number of channels\n");
return AVERROR_INVALIDDATA;
} else if (avctx->sample_rate == 0) {