diff mbox

[FFmpeg-devel,9/9] xvag: prevent overflow during block alignment calculation

Message ID bf5b2c78-a1f2-9129-8ab7-b90dc860149b@googlemail.com
State Accepted
Headers show

Commit Message

Andreas Cadhalpun Jan. 6, 2017, 7:49 p.m. UTC 
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/xvag.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Michael Niedermayer Jan. 7, 2017, 1:52 a.m. UTC | #1 
On Fri, Jan 06, 2017 at 08:49:49PM +0100, Andreas Cadhalpun wrote:
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavformat/xvag.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/libavformat/xvag.c b/libavformat/xvag.c
> index 5ef4fb0900..1f28df7b89 100644
> --- a/libavformat/xvag.c
> +++ b/libavformat/xvag.c
> @@ -74,6 +74,7 @@ static int xvag_read_header(AVFormatContext *s)
>      switch (codec) {
>      case 0x1c:
>          st->codecpar->codec_id    = AV_CODEC_ID_ADPCM_PSX;
> +        FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels > INT_MAX / 16)

this check could also be added to
"if (st->codecpar->channels <= 0)" above

[...]
diff mbox

Patch

diff --git a/libavformat/xvag.c b/libavformat/xvag.c
index 5ef4fb0900..1f28df7b89 100644
--- a/libavformat/xvag.c
+++ b/libavformat/xvag.c
@@ -74,6 +74,7 @@  static int xvag_read_header(AVFormatContext *s)
     switch (codec) {
     case 0x1c:
         st->codecpar->codec_id    = AV_CODEC_ID_ADPCM_PSX;
+        FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels > INT_MAX / 16)
         st->codecpar->block_align = 16 * st->codecpar->channels;
         break;
     default: