| Message ID | b2d1f534-6615-2543-6a52-782cbe58072b@googlemail.com |
|---|---|
| State | Accepted |
| Commit | 076c3a9fa23ca2b0dd167a087ab1e4fb4357a31b |
| Headers | show |
On Wed, Dec 14, 2016 at 01:58:35AM +0100, Andreas Cadhalpun wrote: > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/mov.c | 15 ++++++++++++++- > 1 file changed, 14 insertions(+), 1 deletion(-) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index 6c8affc..fc0b25c 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -5887,8 +5887,15 @@ static int mov_read_header(AVFormatContext *s) > for (i = 0; i < s->nb_streams; i++) { > AVStream *st = s->streams[i]; > MOVStreamContext *sc = st->priv_data; > - if (st->duration > 0) > + if (st->duration > 0) { > + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { > + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", > + sc->data_size, sc->time_scale); > + mov_read_close(s); > + return AVERROR_INVALIDDATA; > + } > st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration; > + } > } > } > > @@ -5897,6 +5904,12 @@ static int mov_read_header(AVFormatContext *s) > AVStream *st = s->streams[i]; > MOVStreamContext *sc = st->priv_data; > if (sc->duration_for_fps > 0) { > + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { > + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", > + sc->data_size, sc->time_scale); > + mov_read_close(s); > + return AVERROR_INVALIDDATA; > + } > st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / > sc->duration_for_fps; maybe this can be factored somehow but either way probably ok thx [...]
On 14.12.2016 04:24, Michael Niedermayer wrote: > On Wed, Dec 14, 2016 at 01:58:35AM +0100, Andreas Cadhalpun wrote: >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> >> --- >> libavformat/mov.c | 15 ++++++++++++++- >> 1 file changed, 14 insertions(+), 1 deletion(-) >> >> diff --git a/libavformat/mov.c b/libavformat/mov.c >> index 6c8affc..fc0b25c 100644 >> --- a/libavformat/mov.c >> +++ b/libavformat/mov.c >> @@ -5887,8 +5887,15 @@ static int mov_read_header(AVFormatContext *s) >> for (i = 0; i < s->nb_streams; i++) { >> AVStream *st = s->streams[i]; >> MOVStreamContext *sc = st->priv_data; >> - if (st->duration > 0) >> + if (st->duration > 0) { >> + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { >> + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", >> + sc->data_size, sc->time_scale); >> + mov_read_close(s); >> + return AVERROR_INVALIDDATA; >> + } >> st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration; >> + } >> } >> } >> >> @@ -5897,6 +5904,12 @@ static int mov_read_header(AVFormatContext *s) >> AVStream *st = s->streams[i]; >> MOVStreamContext *sc = st->priv_data; >> if (sc->duration_for_fps > 0) { >> + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { >> + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", >> + sc->data_size, sc->time_scale); >> + mov_read_close(s); >> + return AVERROR_INVALIDDATA; >> + } >> st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / >> sc->duration_for_fps; > > maybe this can be factored somehow This is just twice, so factoring out isn't really worth it. (The really repetitive stuff of validating codec parameters will be factored out properly, but that's still work in progress.) > but either way probably ok Pushed. Best regards, Andreas
diff --git a/libavformat/mov.c b/libavformat/mov.c index 6c8affc..fc0b25c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5887,8 +5887,15 @@ static int mov_read_header(AVFormatContext *s) for (i = 0; i < s->nb_streams; i++) { AVStream *st = s->streams[i]; MOVStreamContext *sc = st->priv_data; - if (st->duration > 0) + if (st->duration > 0) { + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", + sc->data_size, sc->time_scale); + mov_read_close(s); + return AVERROR_INVALIDDATA; + } st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration; + } } } @@ -5897,6 +5904,12 @@ static int mov_read_header(AVFormatContext *s) AVStream *st = s->streams[i]; MOVStreamContext *sc = st->priv_data; if (sc->duration_for_fps > 0) { + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", + sc->data_size, sc->time_scale); + mov_read_close(s); + return AVERROR_INVALIDDATA; + } st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / sc->duration_for_fps; }
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/mov.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)