[FFmpeg-devel] [PATCH] mxfdec: Fix integer overflow with many channels
Matthieu Bouron
matthieu.bouron at gmail.com
Fri Jan 11 17:18:37 CET 2013
On Tue, Jan 8, 2013 at 2:43 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> Fixes division by zero
>
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> ---
> libavformat/mxfdec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index bb5f4a7..648a579 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -2070,7 +2070,7 @@ static int mxf_set_audio_pts(MXFContext *mxf, AVCodecContext *codec, AVPacket *p
> pkt->pts = track->sample_count;
> if (codec->channels <= 0 || av_get_bits_per_sample(codec->codec_id) <= 0)
> return AVERROR(EINVAL);
> - track->sample_count += pkt->size / (codec->channels * av_get_bits_per_sample(codec->codec_id) / 8);
> + track->sample_count += pkt->size / (codec->channels * (int64_t)av_get_bits_per_sample(codec->codec_id) / 8);
> return 0;
> }
>
LGTM.
Note: this overflow can be avoided by checking the channel count in
the above check and limiting it to an arbitrary long enough value.
Regards,
Matthieu
More information about the ffmpeg-devel
mailing list