diff mbox

[FFmpeg-devel,3/6] genh: prevent overflow during block alignment calculation

Message ID 45182d81-6198-042d-ceba-9f3832ec3e06@googlemail.com
State Superseded
Headers show

Commit Message

Andreas Cadhalpun Dec. 15, 2016, 1:18 a.m. UTC 
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/genh.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Paul B Mahol Dec. 15, 2016, 9:04 a.m. UTC | #1 
On 12/15/16, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> wrote:
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavformat/genh.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavformat/genh.c b/libavformat/genh.c
> index b683e02..5684352 100644
> --- a/libavformat/genh.c
> +++ b/libavformat/genh.c
> @@ -74,6 +74,11 @@ static int genh_read_header(AVFormatContext *s)
>      case  0: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_PSX;        break;
>      case  1:
>      case 11: st->codecpar->bits_per_coded_sample = 4;
> +             if (st->codecpar->channels > INT_MAX / 36) {
> +                av_log(s, AV_LOG_ERROR, "Overflow during block alignment
> calculation 36 * %d\n",
> +                       st->codecpar->channels);
> +                return AVERROR_INVALIDDATA;
> +             }
>               st->codecpar->block_align = 36 * st->codecpar->channels;
>               st->codecpar->codec_id = AV_CODEC_ID_ADPCM_IMA_WAV;    break;
>      case  2: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_DTK;        break;
> --
> 2.10.2
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

AFAIK codec supports only 1 or 2 channels and nothing more, but patch
if fine anyway.
diff mbox

Patch

diff --git a/libavformat/genh.c b/libavformat/genh.c
index b683e02..5684352 100644
--- a/libavformat/genh.c
+++ b/libavformat/genh.c
@@ -74,6 +74,11 @@  static int genh_read_header(AVFormatContext *s)
     case  0: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_PSX;        break;
     case  1:
     case 11: st->codecpar->bits_per_coded_sample = 4;
+             if (st->codecpar->channels > INT_MAX / 36) {
+                av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation 36 * %d\n",
+                       st->codecpar->channels);
+                return AVERROR_INVALIDDATA;
+             }
              st->codecpar->block_align = 36 * st->codecpar->channels;
              st->codecpar->codec_id = AV_CODEC_ID_ADPCM_IMA_WAV;    break;
     case  2: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_DTK;        break;