From b5fc571e4f730579f328ae9cf77435cb7fddc53d Mon Sep 17 00:00:00 2001
From: Alex Converse <alex.converse@gmail.com>
Date: Wed, 11 Jan 2012 14:03:57 -0800
Subject: [PATCH] latmdec: Check AudioSpecificConfig length before decoding
 extradata.

This is different than a normal get_bits() over read because
decode_audio_specific_config() creates its own GetBitContext.

Fixes Bug 170.
---
 libavcodec/aacdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index b2fc740d4d..ca1a876436 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -2363,6 +2363,8 @@ static int latm_decode_audio_specific_config(struct LATMContext *latmctx,
                                "config not byte aligned.\n", 1);
         return AVERROR_INVALIDDATA;
     }
+    if (asclen <= 0)
+        return AVERROR_INVALIDDATA;
     bits_consumed = decode_audio_specific_config(NULL, avctx, &m4ac,
                                          gb->buffer + (config_start_bit / 8),
                                          asclen, sync_extension);