[FFmpeg-devel] [PATCH] aiffdec: fix division by zero

Michael Niedermayer michael at niedermayer.cc
Mon Oct 17 21:11:02 EEST 2016


On Mon, Oct 17, 2016 at 06:27:29PM +0200, Andreas Cadhalpun wrote:
> On 17.10.2016 17:13, Michael Niedermayer wrote:
> > On Mon, Oct 17, 2016 at 04:17:35PM +0200, Andreas Cadhalpun wrote:
> >> On 17.10.2016 05:43, Michael Niedermayer wrote:
> >>> On Sun, Oct 16, 2016 at 10:38:42PM +0200, Andreas Cadhalpun wrote:
> >>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >>>> ---
> >>>>  libavformat/aiffdec.c | 2 +-
> >>>>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>>>
> >>>> diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
> >>>> index cd916f9..de82787 100644
> >>>> --- a/libavformat/aiffdec.c
> >>>> +++ b/libavformat/aiffdec.c
> >>>> @@ -380,7 +380,7 @@ static int aiff_read_packet(AVFormatContext *s,
> >>>>          size = st->codecpar->block_align;
> >>>>          break;
> >>>>      default:
> >>>> -        size = (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align;
> >>>> +        size = st->codecpar->block_align ? (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE;
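Review bot: the commit message does not say how block_align can be 0 at this point, given that aiff_read_header() already rejects block_align == 0; the reason established in this thread (an API user overriding codecpar->codec_type, after which avcodec_parameters_from_context() resets block_align to 0 for AVMEDIA_TYPE_VIDEO) should be recorded in the commit message so the guard is not later removed as dead code. The replacement `size =` line is also considerably longer than the surrounding lines; a local `int ba = st->codecpar->block_align;` followed by `size = ba ? (MAX_SIZE / ba) * ba : MAX_SIZE;` keeps the same behaviour and is easier to read.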
> >>>
> >>> how do you reach block_align == 0 ?
> >>> aiff_read_header() checks for block_align == 0
> >>
> >> I'm not aware of a way to reproduce this with the ffmpeg binary, however
> >> an API user (e.g. my fuzz-testing-program) can change codecpar->codec_type
> >> and codecpar->codec_id to force decoding a stream with a particular codec.
> >>
> >> However, avcodec_parameters_from_context sets codecpar->block_align to 0
> >> for AVMEDIA_TYPE_VIDEO thus causing the subsequent crash.
> > 
> > hmm, patch is probably ok then
> 
> Pushed.
> 
> What about the similar patches for astdec and westwood_aud?

probably ok too

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad