| Message ID | 1e1bc327-9adf-4d35-ed43-5da07f4c2971@googlemail.com |
|---|---|
| State | Accepted |
| Commit | de4ded06366e5767d0af277a61d9a56b8c8f9c19 |
| Headers | show |
On Thu, Nov 17, 2016 at 10:52:30PM +0100, Andreas Cadhalpun wrote: > This fixes division by zero crashes. > > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/rmdec.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c > index d175862..4d56529 100644 > --- a/libavformat/rmdec.c > +++ b/libavformat/rmdec.c > @@ -934,6 +934,10 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, > > ast->sub_packet_cnt = 0; > rm->audio_stream_num = st->index; > + if (st->codecpar->block_align <= 0) { > + av_log(s, AV_LOG_ERROR, "Invalid block alignment %d\n", st->codecpar->block_align); > + return AVERROR_INVALIDDATA; > + } > rm->audio_pkt_cnt = h * w / st->codecpar->block_align; indention looks odd also i think this is already checked in rm_read_audio_stream_info() is that check somehow broken ? [...]
On 18.11.2016 02:44, Michael Niedermayer wrote: > On Thu, Nov 17, 2016 at 10:52:30PM +0100, Andreas Cadhalpun wrote: >> This fixes division by zero crashes. >> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> >> --- >> libavformat/rmdec.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c >> index d175862..4d56529 100644 >> --- a/libavformat/rmdec.c >> +++ b/libavformat/rmdec.c >> @@ -934,6 +934,10 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, >> >> ast->sub_packet_cnt = 0; >> rm->audio_stream_num = st->index; >> + if (st->codecpar->block_align <= 0) { >> + av_log(s, AV_LOG_ERROR, "Invalid block alignment %d\n", st->codecpar->block_align); >> + return AVERROR_INVALIDDATA; >> + } >> rm->audio_pkt_cnt = h * w / st->codecpar->block_align; > > indention looks odd That's because the two lines above and the line below are indented one space too much. > also i think this is already checked in rm_read_audio_stream_info() is > that check somehow broken ? That check is fine, but the codecpar can be changed by the API user, e.g. when forcing a particular codec_id. Best regards, Andreas
On Fri, Nov 18, 2016 at 10:37:36PM +0100, Andreas Cadhalpun wrote: > On 18.11.2016 02:44, Michael Niedermayer wrote: > > On Thu, Nov 17, 2016 at 10:52:30PM +0100, Andreas Cadhalpun wrote: > >> This fixes division by zero crashes. > >> > >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > >> --- > >> libavformat/rmdec.c | 4 ++++ > >> 1 file changed, 4 insertions(+) > >> > >> diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c > >> index d175862..4d56529 100644 > >> --- a/libavformat/rmdec.c > >> +++ b/libavformat/rmdec.c > >> @@ -934,6 +934,10 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, > >> > >> ast->sub_packet_cnt = 0; > >> rm->audio_stream_num = st->index; > >> + if (st->codecpar->block_align <= 0) { > >> + av_log(s, AV_LOG_ERROR, "Invalid block alignment %d\n", st->codecpar->block_align); > >> + return AVERROR_INVALIDDATA; > >> + } > >> rm->audio_pkt_cnt = h * w / st->codecpar->block_align; > > > > indention looks odd > > That's because the two lines above and the line below are indented one > space too much. > > > also i think this is already checked in rm_read_audio_stream_info() is > > that check somehow broken ? > > That check is fine, but the codecpar can be changed by the API user, > e.g. when forcing a particular codec_id. patch probably ok [...]
On 23.11.2016 00:47, Michael Niedermayer wrote: > On Fri, Nov 18, 2016 at 10:37:36PM +0100, Andreas Cadhalpun wrote: >> On 18.11.2016 02:44, Michael Niedermayer wrote: >>> On Thu, Nov 17, 2016 at 10:52:30PM +0100, Andreas Cadhalpun wrote: >>>> This fixes division by zero crashes. >>>> >>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> >>>> --- >>>> libavformat/rmdec.c | 4 ++++ >>>> 1 file changed, 4 insertions(+) >>>> >>>> diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c >>>> index d175862..4d56529 100644 >>>> --- a/libavformat/rmdec.c >>>> +++ b/libavformat/rmdec.c >>>> @@ -934,6 +934,10 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, >>>> >>>> ast->sub_packet_cnt = 0; >>>> rm->audio_stream_num = st->index; >>>> + if (st->codecpar->block_align <= 0) { >>>> + av_log(s, AV_LOG_ERROR, "Invalid block alignment %d\n", st->codecpar->block_align); >>>> + return AVERROR_INVALIDDATA; >>>> + } >>>> rm->audio_pkt_cnt = h * w / st->codecpar->block_align; >>> >>> indention looks odd >> >> That's because the two lines above and the line below are indented one >> space too much. >> >>> also i think this is already checked in rm_read_audio_stream_info() is >>> that check somehow broken ? >> >> That check is fine, but the codecpar can be changed by the API user, >> e.g. when forcing a particular codec_id. > > patch probably ok Pushed. Best regards, Andreas
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index d175862..4d56529 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -934,6 +934,10 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb, ast->sub_packet_cnt = 0; rm->audio_stream_num = st->index; + if (st->codecpar->block_align <= 0) { + av_log(s, AV_LOG_ERROR, "Invalid block alignment %d\n", st->codecpar->block_align); + return AVERROR_INVALIDDATA; + } rm->audio_pkt_cnt = h * w / st->codecpar->block_align; } else if ((ast->deint_id == DEINT_ID_VBRF) || (ast->deint_id == DEINT_ID_VBRS)) {
This fixes division by zero crashes. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/rmdec.c | 4 ++++ 1 file changed, 4 insertions(+)