diff mbox

[FFmpeg-devel,5/6] nistspheredec: prevent overflow during block alignment, calculation

Message ID 11e30ac0-1571-8cb2-f1dd-8a0aa1b1e398@googlemail.com
State New
Headers show

Commit Message

Andreas Cadhalpun Dec. 15, 2016, 1:19 a.m. UTC 
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/nistspheredec.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Paul B Mahol Dec. 15, 2016, 9:07 a.m. UTC | #1 
On 12/15/16, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> wrote:
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavformat/nistspheredec.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavformat/nistspheredec.c b/libavformat/nistspheredec.c
> index 782d1df..9472e47 100644
> --- a/libavformat/nistspheredec.c
> +++ b/libavformat/nistspheredec.c
> @@ -80,6 +80,11 @@ static int nist_read_header(AVFormatContext *s)
>
>              avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
>
> +            if (st->codecpar->channels &&
> st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) {
> +                av_log(s, AV_LOG_ERROR, "Overflow during block alignment
> calculation %d * %d\n",
> +                       st->codecpar->bits_per_coded_sample,
> st->codecpar->channels);
> +                return AVERROR_INVALIDDATA;
> +            }
>              st->codecpar->block_align = st->codecpar->bits_per_coded_sample
> * st->codecpar->channels / 8;
>
>              if (avio_tell(s->pb) > header_size)
> --
> 2.10.2
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

ok
diff mbox

Patch

diff --git a/libavformat/nistspheredec.c b/libavformat/nistspheredec.c
index 782d1df..9472e47 100644
--- a/libavformat/nistspheredec.c
+++ b/libavformat/nistspheredec.c
@@ -80,6 +80,11 @@  static int nist_read_header(AVFormatContext *s)
 
             avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
 
+            if (st->codecpar->channels && st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) {
+                av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation %d * %d\n",
+                       st->codecpar->bits_per_coded_sample, st->codecpar->channels);
+                return AVERROR_INVALIDDATA;
+            }
             st->codecpar->block_align = st->codecpar->bits_per_coded_sample * st->codecpar->channels / 8;
 
             if (avio_tell(s->pb) > header_size)