Message ID | 56da961b-99da-808b-b283-4579c006728c@googlemail.com |
---|---|
State | New |
Headers | show |
Hi, On Sun, Jan 1, 2017 at 5:51 PM, Andreas Cadhalpun < andreas.cadhalpun@googlemail.com> wrote: > On 01.01.2017 23:23, Ronald S. Bultje wrote: > > On Sun, Jan 1, 2017 at 5:19 PM, Andreas Cadhalpun < > andreas.cadhalpun@googlemail.com <mailto:andreas.cadhalpun@googlemail.com>> > wrote: > > > > The problem was introduced by commit > > 3deb4b54a24f8cddce463d9f5751b01efeb976af. > > > > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com > <mailto:Andreas.Cadhalpun@googlemail.com>> > > --- > > libavcodec/wmavoice.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c > > index 1bfad46b2e..279b44dc12 100644 > > --- a/libavcodec/wmavoice.c > > +++ b/libavcodec/wmavoice.c > > @@ -1908,7 +1908,7 @@ static int wmavoice_decode_packet(AVCodecContext > *ctx, void *data, > > /* size == ctx->block_align is used to indicate whether we are > dealing with > > * a new packet or a packet of which we already read the packet > header > > * previously. */ > > - if (!(size % ctx->block_align)) { // new packet header > > + if (ctx->block_align && !(size % ctx->block_align)) { // new > packet header > > if (!size) { > > s->spillover_nbits = 0; > > s->nb_superframes = 0; > > -- > > 2.11.0 > > > > > > nak. > > > > The init routine should error out if block_align is zero. > > The codec can not operate without block_align set. > > Fine for me. Patch doing that is attached. LGTM. Ronald
On 02.01.2017 04:09, Ronald S. Bultje wrote: > On Sun, Jan 1, 2017 at 5:51 PM, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> wrote: > Fine for me. Patch doing that is attached. > > > LGTM. Pushed. Best regards, Andreas
From caec0e9f57ddc2373d3e2cb56ed1e6c3ce0df166 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Date: Sun, 1 Jan 2017 22:48:38 +0100 Subject: [PATCH] wmavoice: validate block alignment This prevents a division by zero crash in wmavoice_decode_packet. The problem was introduced by commit 3deb4b54a24f8cddce463d9f5751b01efeb976af. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavcodec/wmavoice.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index 1bfad46b2e..080ec86b53 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -388,6 +388,11 @@ static av_cold int wmavoice_decode_init(AVCodecContext *ctx) ctx->extradata_size); return AVERROR_INVALIDDATA; } + if (ctx->block_align <= 0) { + av_log(ctx, AV_LOG_ERROR, "Invalid block alignment %d.\n", ctx->block_align); + return AVERROR_INVALIDDATA; + } + flags = AV_RL32(ctx->extradata + 18); s->spillover_bitsize = 3 + av_ceil_log2(ctx->block_align); s->do_apf = flags & 0x1; -- 2.11.0