| Message ID | 20180706210947.2585-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 3a2d21bc5f97aa0161db3ae731fc2732be6108b8 |
| Headers | show |
Hi Michael, On Fri, Jul 6, 2018 at 2:09 PM, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: division by 0 > Fixes: fpe_movenc.c_199_1.wav > Fixes: fpe_movenc.c_199_2.wav > Fixes: fpe_movenc.c_199_3.wav > Fixes: fpe_movenc.c_199_4.wav > Fixes: fpe_movenc.c_199_5.wav > Fixes: fpe_movenc.c_199_6.wav > Fixes: fpe_movenc.c_199_7.wav > > Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/movenc.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavformat/movenc.c b/libavformat/movenc.c > index fe0a244a8f..78291a9adc 100644 > --- a/libavformat/movenc.c > +++ b/libavformat/movenc.c > @@ -5269,6 +5269,11 @@ int ff_mov_write_packet(AVFormatContext *s, > AVPacket *pkt) > else > samples_in_chunk = 1; > > + if (samples_in_chunk < 1) { > + av_log(s, AV_LOG_ERROR, "fatal error, input packet contains no > samples\n"); > + return AVERROR_PATCHWELCOME; > + } > + Since "samples_in_chunk" is set to 1 just above, maybe the check can be moved earlier ? It's nitpick though.
On Fri, Jul 06, 2018 at 02:24:45PM -0700, Baptiste Coudurier wrote: > Hi Michael, > > On Fri, Jul 6, 2018 at 2:09 PM, Michael Niedermayer <michael@niedermayer.cc> > wrote: > > > Fixes: division by 0 > > Fixes: fpe_movenc.c_199_1.wav > > Fixes: fpe_movenc.c_199_2.wav > > Fixes: fpe_movenc.c_199_3.wav > > Fixes: fpe_movenc.c_199_4.wav > > Fixes: fpe_movenc.c_199_5.wav > > Fixes: fpe_movenc.c_199_6.wav > > Fixes: fpe_movenc.c_199_7.wav > > > > Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/movenc.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/libavformat/movenc.c b/libavformat/movenc.c > > index fe0a244a8f..78291a9adc 100644 > > --- a/libavformat/movenc.c > > +++ b/libavformat/movenc.c > > @@ -5269,6 +5269,11 @@ int ff_mov_write_packet(AVFormatContext *s, > > AVPacket *pkt) > > else > > samples_in_chunk = 1; > > > > + if (samples_in_chunk < 1) { > > + av_log(s, AV_LOG_ERROR, "fatal error, input packet contains no > > samples\n"); > > + return AVERROR_PATCHWELCOME; > > + } > > + > > > Since "samples_in_chunk" is set to 1 just above, maybe the check can be > moved earlier ? the code before the else contains a few else if() from a quick look it seems plausible that multiple could reach samples_in_chunk=0 [...]
On Sat, Jul 07, 2018 at 02:46:35AM +0200, Michael Niedermayer wrote: > On Fri, Jul 06, 2018 at 02:24:45PM -0700, Baptiste Coudurier wrote: > > Hi Michael, > > > > On Fri, Jul 6, 2018 at 2:09 PM, Michael Niedermayer <michael@niedermayer.cc> > > wrote: > > > > > Fixes: division by 0 > > > Fixes: fpe_movenc.c_199_1.wav > > > Fixes: fpe_movenc.c_199_2.wav > > > Fixes: fpe_movenc.c_199_3.wav > > > Fixes: fpe_movenc.c_199_4.wav > > > Fixes: fpe_movenc.c_199_5.wav > > > Fixes: fpe_movenc.c_199_6.wav > > > Fixes: fpe_movenc.c_199_7.wav > > > > > > Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > --- > > > libavformat/movenc.c | 5 +++++ > > > 1 file changed, 5 insertions(+) > > > > > > diff --git a/libavformat/movenc.c b/libavformat/movenc.c > > > index fe0a244a8f..78291a9adc 100644 > > > --- a/libavformat/movenc.c > > > +++ b/libavformat/movenc.c > > > @@ -5269,6 +5269,11 @@ int ff_mov_write_packet(AVFormatContext *s, > > > AVPacket *pkt) > > > else > > > samples_in_chunk = 1; > > > > > > + if (samples_in_chunk < 1) { > > > + av_log(s, AV_LOG_ERROR, "fatal error, input packet contains no > > > samples\n"); > > > + return AVERROR_PATCHWELCOME; > > > + } > > > + > > > > > > Since "samples_in_chunk" is set to 1 just above, maybe the check can be > > moved earlier ? > > the code before the else contains a few else if() > from a quick look it seems plausible that multiple could reach > samples_in_chunk=0 will apply thx [...]
diff --git a/libavformat/movenc.c b/libavformat/movenc.c index fe0a244a8f..78291a9adc 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -5269,6 +5269,11 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) else samples_in_chunk = 1; + if (samples_in_chunk < 1) { + av_log(s, AV_LOG_ERROR, "fatal error, input packet contains no samples\n"); + return AVERROR_PATCHWELCOME; + } + /* copy extradata if it exists */ if (trk->vos_len == 0 && par->extradata_size > 0 && !TAG_IS_AVCI(trk->tag) &&
Fixes: division by 0 Fixes: fpe_movenc.c_199_1.wav Fixes: fpe_movenc.c_199_2.wav Fixes: fpe_movenc.c_199_3.wav Fixes: fpe_movenc.c_199_4.wav Fixes: fpe_movenc.c_199_5.wav Fixes: fpe_movenc.c_199_6.wav Fixes: fpe_movenc.c_199_7.wav Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/movenc.c | 5 +++++ 1 file changed, 5 insertions(+)