[FFmpeg-devel] [PATCH 5/9] ircamdec: prevent overflow during block alignment calculation
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Sat Jan 7 00:26:50 EET 2017
On 06.01.2017 22:31, Ronald S. Bultje wrote:
> On Fri, Jan 6, 2017 at 2:48 PM, Andreas Cadhalpun <
> andreas.cadhalpun at googlemail.com> wrote:
>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavformat/ircamdec.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c
>> index 59f3a49411..f3cf4d0dc9 100644
>> --- a/libavformat/ircamdec.c
>> +++ b/libavformat/ircamdec.c
>> @@ -96,6 +96,7 @@ static int ircam_read_header(AVFormatContext *s)
>> }
>>
>> st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st->
>> codecpar->codec_id);
>> + FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels &&
>> st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels)
>> st->codecpar->block_align = st->codecpar->bits_per_coded_sample *
>> st->codecpar->channels / 8;
>> avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
>> avio_skip(s->pb, 1008);
>
>
> I see this code a few lines up:
>
> if (!channels || !sample_rate)
> return AVERROR_INVALIDDATA;
>
> So channels == 0 seems impossible to me.
Right, I dropped the check for that.
Best regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-ircamdec-prevent-overflow-during-block-alignment-cal.patch
Type: text/x-diff
Size: 1017 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170106/c8fb115e/attachment.patch>
More information about the ffmpeg-devel
mailing list