Message ID | 38f981e9-5259-6197-3589-bd30d7238811@googlemail.com |
---|---|
State | Accepted |
Headers | show |
On Fri, Jan 06, 2017 at 09:27:29PM +0100, Andreas Cadhalpun wrote: > On 06.01.2017 20:58, Ronald S. Bultje wrote: > > Hi, > > > > On Fri, Jan 6, 2017 at 2:47 PM, Andreas Cadhalpun < > > andreas.cadhalpun@googlemail.com> wrote: > > > >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > >> --- > >> libavformat/4xm.c | 1 + > >> 1 file changed, 1 insertion(+) > >> > >> diff --git a/libavformat/4xm.c b/libavformat/4xm.c > >> index 2758b69d29..45949c4e97 100644 > >> --- a/libavformat/4xm.c > >> +++ b/libavformat/4xm.c > >> @@ -187,6 +187,7 @@ static int parse_strk(AVFormatContext *s, > >> st->codecpar->bit_rate = (int64_t)st->codecpar->channels > >> * > >> st->codecpar->sample_rate * > >> st->codecpar->bits_per_coded_ > >> sample; > >> + FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels && > >> st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) > >> st->codecpar->block_align = st->codecpar->channels * > >> st->codecpar->bits_per_coded_ > >> sample; > >> > >> -- > >> 2.11.0 > > > > > > To an innocent reader (who doesn't know/care about SIGFPE), this might look > > like channels = 0 is an actual valid decoder condition that is explicitly > > handled here. > > Actually this function errors out earlier if channels is zero, so I've removed > this pointless additional check. Updated patch is attached. > > Best regards, > Andreas > > > 4xm.c | 1 + > 1 file changed, 1 insertion(+) > 4b27cb10f25865014fac1666956f7040d65113f9 0002-4xm-prevent-overflow-during-block-alignment-calculat.patch > From 861b62eec30feaa56b10eec7ba4029daf48a3c28 Mon Sep 17 00:00:00 2001 > From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > Date: Thu, 15 Dec 2016 02:14:31 +0100 > Subject: [PATCH 2/9] 4xm: prevent overflow during block alignment calculation > > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/4xm.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libavformat/4xm.c b/libavformat/4xm.c > index 2758b69d29..58729fed0d 100644 > --- a/libavformat/4xm.c > +++ b/libavformat/4xm.c > @@ -187,6 +187,7 @@ static int parse_strk(AVFormatContext *s, > st->codecpar->bit_rate = (int64_t)st->codecpar->channels * > st->codecpar->sample_rate * > st->codecpar->bits_per_coded_sample; > + FF_RETURN_ON_OVERFLOW(s, st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) > st->codecpar->block_align = st->codecpar->channels * > st->codecpar->bits_per_coded_sample; i think we should check channels for > 8 or something and ask for a sample and check bits_per_coded_sample against what maximal sensible value of bits a sample and ask for a sample if above the patch should be ok thx [...]
On 07.01.2017 02:31, Michael Niedermayer wrote: > On Fri, Jan 06, 2017 at 09:27:29PM +0100, Andreas Cadhalpun wrote: >> 4xm.c | 1 + >> 1 file changed, 1 insertion(+) >> 4b27cb10f25865014fac1666956f7040d65113f9 0002-4xm-prevent-overflow-during-block-alignment-calculat.patch >> From 861b62eec30feaa56b10eec7ba4029daf48a3c28 Mon Sep 17 00:00:00 2001 >> From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> >> Date: Thu, 15 Dec 2016 02:14:31 +0100 >> Subject: [PATCH 2/9] 4xm: prevent overflow during block alignment calculation >> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> >> --- >> libavformat/4xm.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/libavformat/4xm.c b/libavformat/4xm.c >> index 2758b69d29..58729fed0d 100644 >> --- a/libavformat/4xm.c >> +++ b/libavformat/4xm.c >> @@ -187,6 +187,7 @@ static int parse_strk(AVFormatContext *s, >> st->codecpar->bit_rate = (int64_t)st->codecpar->channels * >> st->codecpar->sample_rate * >> st->codecpar->bits_per_coded_sample; >> + FF_RETURN_ON_OVERFLOW(s, st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) >> st->codecpar->block_align = st->codecpar->channels * >> st->codecpar->bits_per_coded_sample; > > i think we should check channels for > 8 or something and ask for a > sample and check bits_per_coded_sample against what maximal sensible > value of bits a sample and ask for a sample if above Actually avcodec_open2 already errors out if channels is larger than FF_SANE_NB_CHANNELS = 64. That check can already be done in the demuxer. Then defining INT_MAX / 64 as maximal sensible value of bits_per_coded_sample eliminates the need for FF_RETURN_ON_OVERFLOW checks. I'll send an updated patch series. Best regards, Andreas
From 861b62eec30feaa56b10eec7ba4029daf48a3c28 Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Date: Thu, 15 Dec 2016 02:14:31 +0100 Subject: [PATCH 2/9] 4xm: prevent overflow during block alignment calculation Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/4xm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 2758b69d29..58729fed0d 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -187,6 +187,7 @@ static int parse_strk(AVFormatContext *s, st->codecpar->bit_rate = (int64_t)st->codecpar->channels * st->codecpar->sample_rate * st->codecpar->bits_per_coded_sample; + FF_RETURN_ON_OVERFLOW(s, st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) st->codecpar->block_align = st->codecpar->channels * st->codecpar->bits_per_coded_sample; -- 2.11.0