diff mbox

[FFmpeg-devel] dcstr: fix division by zero

Message ID b47cfd80-3480-65c6-3686-35eb34be3a9a@googlemail.com
State Superseded
Headers show

Commit Message

Andreas Cadhalpun Oct. 19, 2016, 8:41 p.m. UTC 
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/dcstr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Oct. 20, 2016, 12:59 a.m. UTC | #1 
On Wed, Oct 19, 2016 at 10:41:22PM +0200, Andreas Cadhalpun wrote:
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavformat/dcstr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c
> index 69fae41..d5d2281 100644
> --- a/libavformat/dcstr.c
> +++ b/libavformat/dcstr.c
> @@ -47,7 +47,7 @@ static int dcstr_read_header(AVFormatContext *s)
>      avio_skip(s->pb, 4);
>      st->duration           = avio_rl32(s->pb);

>      st->codecpar->channels   *= avio_rl32(s->pb);

This here can overflow and needs a check


> -    if (!align || align > INT_MAX / st->codecpar->channels)
> +    if (!align || !st->codecpar->channels || align > INT_MAX / st->codecpar->channels)
>          return AVERROR_INVALIDDATA;

might need a <0 check too should be ok otherwise

[...]
diff mbox

Patch

diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c
index 69fae41..d5d2281 100644
--- a/libavformat/dcstr.c
+++ b/libavformat/dcstr.c
@@ -47,7 +47,7 @@  static int dcstr_read_header(AVFormatContext *s)
     avio_skip(s->pb, 4);
     st->duration           = avio_rl32(s->pb);
     st->codecpar->channels   *= avio_rl32(s->pb);
-    if (!align || align > INT_MAX / st->codecpar->channels)
+    if (!align || !st->codecpar->channels || align > INT_MAX / st->codecpar->channels)
         return AVERROR_INVALIDDATA;
     st->codecpar->block_align = align * st->codecpar->channels;