From b25581d68587ce0797aaed367fa70ba8b43e3404 Mon Sep 17 00:00:00 2001
From: gg0907 <guohui_1701@163.com>
Date: Fri, 13 May 2022 10:29:38 +0800
Subject: [PATCH] fix CVE-2022-1475

Signed-off-by: gg0907 <guohui_1701@163.com>
---
 libavcodec/g729_parser.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/g729_parser.c b/libavcodec/g729_parser.c
index 010f688104..ef08b48bf3 100644
--- a/libavcodec/g729_parser.c
+++ b/libavcodec/g729_parser.c
@@ -49,6 +49,9 @@ static int g729_parse(AVCodecParserContext *s1, AVCodecContext *avctx,
         s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE;
         if (avctx->codec_id == AV_CODEC_ID_ACELP_KELVIN)
             s->block_size++;
+        // channels > 2 is invalid, we pass the packet on unchanged
+        if (avctx->channels > 2)
+            s->block_size = 0;
         s->block_size *= avctx->channels;
         s->duration   = avctx->frame_size;
     }