Message ID | 1cd2cebb-86ff-37f5-cdda-bf72cb58fe0f@googlemail.com |
---|---|
State | New |
Hi, On Wed, Dec 14, 2016 at 8:19 PM, Andreas Cadhalpun < andreas.cadhalpun@googlemail.com> wrote: > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/pvfdec.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavformat/pvfdec.c b/libavformat/pvfdec.c > index b9f6d4f..5eecc22 100644 > --- a/libavformat/pvfdec.c > +++ b/libavformat/pvfdec.c > @@ -56,6 +56,11 @@ static int pvf_read_header(AVFormatContext *s) > st->codecpar->sample_rate = sample_rate; > st->codecpar->codec_id = ff_get_pcm_codec_id(bps, 0, 1, 0xFFFF); > st->codecpar->bits_per_coded_sample = bps; > + if (bps > INT_MAX / st->codecpar->channels) { > + av_log(s, AV_LOG_ERROR, "Overflow during block alignment > calculation %d * %d\n", > + bps, st->codecpar->channels); > + return AVERROR_INVALIDDATA; > + } And this is what I meant. Please stop. No. No. No. No. No. Not in codec code. Add these checks in generic code if you care about the outcome, but please don't make each codec a crapshoot like this. Please. From a maintenance point of view, that's a much better approach. Please stop for a second and think about my point of view here. I beg you. Please. Ronald
diff --git a/libavformat/pvfdec.c b/libavformat/pvfdec.c index b9f6d4f..5eecc22 100644 --- a/libavformat/pvfdec.c +++ b/libavformat/pvfdec.c @@ -56,6 +56,11 @@ static int pvf_read_header(AVFormatContext *s) st->codecpar->sample_rate = sample_rate; st->codecpar->codec_id = ff_get_pcm_codec_id(bps, 0, 1, 0xFFFF); st->codecpar->bits_per_coded_sample = bps; + if (bps > INT_MAX / st->codecpar->channels) { + av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation %d * %d\n", + bps, st->codecpar->channels); + return AVERROR_INVALIDDATA; + } st->codecpar->block_align = bps * st->codecpar->channels / 8; avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
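Review bot: The new guard `if (bps > INT_MAX / st->codecpar->channels)` divides by `st->codecpar->channels`, and nothing in the visible context of pvf_read_header shows that this value has already been checked to be positive. If channels can be 0 at this point, the guard itself is a division by zero, and if it can be negative the comparison no longer bounds the product `bps * st->codecpar->channels` that the following block_align line computes. Either confirm that the header parsing above this hunk rejects channels <= 0 (and a negative bps), or add that rejection to the condition before the division, returning AVERROR_INVALIDDATA in the same way.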
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/pvfdec.c | 5 +++++ 1 file changed, 5 insertions(+)