Message ID | 609c350e-1785-22f4-afeb-169005483a85@googlemail.com |
---|---|
State | Superseded |
On Thu, Dec 15, 2016 at 02:18:17AM +0100, Andreas Cadhalpun wrote: > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/4xm.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavformat/4xm.c b/libavformat/4xm.c > index 2758b69..308d889 100644 > --- a/libavformat/4xm.c > +++ b/libavformat/4xm.c > @@ -187,6 +187,11 @@ static int parse_strk(AVFormatContext *s, > st->codecpar->bit_rate = (int64_t)st->codecpar->channels * > st->codecpar->sample_rate * > st->codecpar->bits_per_coded_sample; > + if (st->codecpar->channels && st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) { > + av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation %d * %d\n", > + st->codecpar->channels, st->codecpar->bits_per_coded_sample); > + return AVERROR_INVALIDDATA; > + } > st->codecpar->block_align = st->codecpar->channels * > st->codecpar->bits_per_coded_sample; should be ok, alternatively the parameters could be limited tighter, they would need to be unrealistically large for an overflow thx [...]
diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 2758b69..308d889 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -187,6 +187,11 @@ static int parse_strk(AVFormatContext *s, st->codecpar->bit_rate = (int64_t)st->codecpar->channels * st->codecpar->sample_rate * st->codecpar->bits_per_coded_sample; + if (st->codecpar->channels && st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) { + av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation %d * %d\n", + st->codecpar->channels, st->codecpar->bits_per_coded_sample); + return AVERROR_INVALIDDATA; + } st->codecpar->block_align = st->codecpar->channels * st->codecpar->bits_per_coded_sample;
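Review bot: The added guard in parse_strk() is only sound for positive operands, and it sits after the bit_rate computation, so the three-factor product above it still runs on unvalidated values. Both fields are logged with %d, so they are signed; unless they are range-checked earlier in the function (outside the visible context), two negative values make `bits_per_coded_sample > INT_MAX / st->codecpar->channels` false even when the product exceeds INT_MAX. Consider rejecting `channels <= 0` and `bits_per_coded_sample <= 0`, or bounding both to realistic maxima as the reply suggests, before the bit_rate line, and keep the INT_MAX / channels test in front of the block_align assignment.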
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/4xm.c | 5 +++++ 1 file changed, 5 insertions(+)