From patchwork Thu Dec 15 01:19:35 2016
X-Patchwork-Submitter: Andreas Cadhalpun
X-Patchwork-Id: 1796
From: Andreas Cadhalpun
To: FFmpeg development discussions and patches
References: <609c350e-1785-22f4-afeb-169005483a85@googlemail.com>
Message-ID: <11e30ac0-1571-8cb2-f1dd-8a0aa1b1e398@googlemail.com>
Date: Thu, 15 Dec 2016 02:19:35 +0100
In-Reply-To: <609c350e-1785-22f4-afeb-169005483a85@googlemail.com>
Subject: [FFmpeg-devel] [PATCH 5/6] nistspheredec: prevent overflow during block alignment, calculation

Signed-off-by: Andreas Cadhalpun

--- libavformat/nistspheredec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/nistspheredec.c b/libavformat/nistspheredec.c index 782d1df..9472e47 100644 --- a/libavformat/nistspheredec.c +++ b/libavformat/nistspheredec.c @@ -80,6 +80,11 @@ static int nist_read_header(AVFormatContext *s) avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); + if (st->codecpar->channels && st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) { + av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation %d * %d\n", + st->codecpar->bits_per_coded_sample, st->codecpar->channels); + return AVERROR_INVALIDDATA; + } st->codecpar->block_align = st->codecpar->bits_per_coded_sample * st->codecpar->channels / 8; if (avio_tell(s->pb) > header_size)
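Review bot: The new guard in nist_read_header() only bounds the product from above, so it does not cover negative inputs. Both fields are logged with %d, so they are signed: with a negative `bits_per_coded_sample` and a positive `channels`, the test `bits_per_coded_sample > INT_MAX / channels` is false and the multiplication on the following `block_align` line can still overflow in the negative direction. With a negative `channels`, `INT_MAX / channels` is itself negative, so ordinary sample sizes are rejected with an "Overflow" message that does not describe the actual problem. Unless the header parsing above this hunk already rejects non-positive values, I would add an explicit check that returns AVERROR_INVALIDDATA when `st->codecpar->channels <= 0` or `st->codecpar->bits_per_coded_sample <= 0` before this test; the `st->codecpar->channels &&` term then becomes unnecessary. Note also that `channels == 0` currently passes the guard and yields `block_align = 0`, which the code after the hunk would have to tolerate.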