[FFmpeg-cvslog] avcodec/adpcm: Check idelta

Michael Niedermayer git at videolan.org
Thu Dec 18 16:22:10 CET 2014


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 18 16:09:31 2014 +0100| [e59c28b16660b8f86ef05c7f0db4db89e62ed55f] | committer: Michael Niedermayer

avcodec/adpcm: Check idelta

Fixes integer overflow
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e59c28b16660b8f86ef05c7f0db4db89e62ed55f
---

 libavcodec/adpcm.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index 2f95a6f..7785a7a 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -246,6 +246,10 @@ static inline short adpcm_ms_expand_nibble(ADPCMChannelStatus *c, int nibble)
     c->sample1 = av_clip_int16(predictor);
     c->idelta = (ff_adpcm_AdaptationTable[(int)nibble] * c->idelta) >> 8;
     if (c->idelta < 16) c->idelta = 16;
+    if (c->idelta > INT_MAX/768) {
+        av_log(NULL, AV_LOG_WARNING, "idelta overflow\n");
+        c->idelta = INT_MAX/768;
+    }
 
     return c->sample1;
 }



More information about the ffmpeg-cvslog mailing list