[FFmpeg-devel,4/6] ircamdec: prevent overflow during block alignment calculation

Submitted by Andreas Cadhalpun on Dec. 15, 2016, 1:19 a.m.

Details

Message ID 13cf291c-d1e9-0071-0f31-710eff0d0c19@googlemail.com
State New

Commit Message

Andreas Cadhalpun Dec. 15, 2016, 1:19 a.m.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/ircamdec.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Paul B Mahol Dec. 15, 2016, 9:05 a.m.
On 12/15/16, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> wrote:
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavformat/ircamdec.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c
> index 59f3a49..3efc2b4 100644
> --- a/libavformat/ircamdec.c
> +++ b/libavformat/ircamdec.c
> @@ -96,6 +96,11 @@ static int ircam_read_header(AVFormatContext *s)
>      }
>
>      st->codecpar->bits_per_coded_sample =
> av_get_bits_per_sample(st->codecpar->codec_id);
> +    if (st->codecpar->channels && st->codecpar->bits_per_coded_sample >
> INT_MAX / st->codecpar->channels) {
> +        av_log(s, AV_LOG_ERROR, "Overflow during block alignment
> calculation %d * %d\n",
> +               st->codecpar->bits_per_coded_sample,
> st->codecpar->channels);
> +        return AVERROR_INVALIDDATA;
> +    }
>      st->codecpar->block_align = st->codecpar->bits_per_coded_sample *
> st->codecpar->channels / 8;
>      avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
>      avio_skip(s->pb, 1008);
> --
> 2.10.2
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

ok

Patch

diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c
index 59f3a49..3efc2b4 100644
--- a/libavformat/ircamdec.c
+++ b/libavformat/ircamdec.c
@@ -96,6 +96,11 @@  static int ircam_read_header(AVFormatContext *s)
     }
 
     st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st->codecpar->codec_id);
+    if (st->codecpar->channels && st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) {
+        av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation %d * %d\n",
+               st->codecpar->bits_per_coded_sample, st->codecpar->channels);
+        return AVERROR_INVALIDDATA;
+    }
     st->codecpar->block_align = st->codecpar->bits_per_coded_sample * st->codecpar->channels / 8;
     avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
     avio_skip(s->pb, 1008);
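Review bot: The added guard `if (st->codecpar->channels && ... > INT_MAX / st->codecpar->channels)` is a true overflow test only when `channels` is positive. A zero count skips the check and leaves `block_align` at 0, and a negative count with a positive `bits_per_coded_sample` is rejected only incidentally through the signed division, with a log line that reports it as an overflow. Whether `channels` is range-checked earlier in `ircam_read_header` cannot be seen here, since the function starts before and continues past this hunk. If it is not, an explicit `if (st->codecpar->channels <= 0) return AVERROR_INVALIDDATA;` ahead of the multiplication check would state the intent and keep a header-controlled value from reaching `block_align` in an unexpected state. A short comment such as `/* bits * channels must fit in int before dividing by 8 */` above the guard would also help the next reader.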