From patchwork Thu Dec 15 01:18:17 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
X-Patchwork-Id: 1795
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.103.65.86 with SMTP id o83csp481917vsa;
	Wed, 14 Dec 2016 17:18:28 -0800 (PST)
X-Received: by 10.28.52.201 with SMTP id b192mr170354wma.118.1481764708097;
	Wed, 14 Dec 2016 17:18:28 -0800 (PST)
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id
	n6si57180933wjk.207.2016.12.14.17.18.27;
	Wed, 14 Dec 2016 17:18:28 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@googlemail.com;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=QUARANTINE dis=NONE) header.from=googlemail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 880AD689937;
	Thu, 15 Dec 2016 03:18:19 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com
	[74.125.82.65])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 41B02680B20
	for <ffmpeg-devel@ffmpeg.org>; Thu, 15 Dec 2016 03:18:13 +0200 (EET)
Received: by mail-wm0-f65.google.com with SMTP id g23so2948455wme.1
	for <ffmpeg-devel@ffmpeg.org>; Wed, 14 Dec 2016 17:18:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=20161025;
	h=from:to:subject:message-id:date:user-agent:mime-version
	:content-transfer-encoding;
	bh=2gf04w/C4SA2MwjjQcQ0kkUf+JfTmIgyggRqOWgYe5Q=;
	b=BZJAZB3tLHheSDpnbIGoeIdJ2cSWL1lRhycHc0iTc/1frs1HAi2VBLLTplR3mBkJtp
	nP3s/KQMCATe31Bexbp+F7mgONloITCeZlaQwk+yn7mXk2cBnLoG9811RNDPdjPyai4k
	0LORS1dLyLr9QWOpbfzZ15HJy14OgMIWU7kdxFjzd8Q2bFAyvRf5Nl1v62X+NkM3e+rK
	S9j0N2Ij/MAN6oxBD4ZeD6w01rU8+80SU1XKwTnJy9XTYvXb2IChEp7r6jQRAgoxi5Nt
	velRoFZtnXxOpdTTskDjfl5krj9XaF6UoitTJg1ygdt1+JfHnyX0HzIbskRJCix8/JZ5
	Frgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:message-id:date:user-agent
	:mime-version:content-transfer-encoding;
	bh=2gf04w/C4SA2MwjjQcQ0kkUf+JfTmIgyggRqOWgYe5Q=;
	b=MRT5mMCwgrdMHfBRl0bSxo8fH9IC4Oi8TSTw+tQJ9x805HphvTr+KonYCiw7O9JURa
	RI0/TW4CwRW+mPErhrTWn5RW+nLHE0PqZg1pn6p8mCLX5PbibMQz/qQDK55k1EvSvTqZ
	ljF8kqBrCuuHx7qq3mTV668bPGKkg3JUJEbggDVTspJ7JMIxJUQgR1a9j6VTS5hWflGI
	OagiwWObb87oKV2BrEq/J13udxF8bkpmizYg8/8aqrYm5nFBypHpgjV8c4IDTOEhy7+n
	NqSz1lVAIUWEolbd1klFkAW/I1UZ5XqQiCZ8ABSPYpOJ9RVOVUrtva5RIGW/uR1XpoVB
	qpxg==
X-Gm-Message-State: 
 AKaTC02elUguyoeZPbaS24MZaoKxL5LPNLHnytC/GMHuRu/Pz18nJibwvRO5cqNpgCHe+A==
X-Received: by 10.28.128.198 with SMTP id b189mr9821369wmd.105.1481764698624;
	Wed, 14 Dec 2016 17:18:18 -0800 (PST)
Received: from [192.168.2.21] (p5B095A24.dip0.t-ipconnect.de. [91.9.90.36])
	by smtp.googlemail.com with ESMTPSA id
	j1sm69687424wjm.26.2016.12.14.17.18.17
	for <ffmpeg-devel@ffmpeg.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 14 Dec 2016 17:18:18 -0800 (PST)
From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
X-Google-Original-From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <609c350e-1785-22f4-afeb-169005483a85@googlemail.com>
Date: Thu, 15 Dec 2016 02:18:17 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Icedove/45.4.0
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 1/6] 4xm: prevent overflow during block
	alignment calculation
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/4xm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavformat/4xm.c b/libavformat/4xm.c
index 2758b69..308d889 100644
--- a/libavformat/4xm.c
+++ b/libavformat/4xm.c
@@ -187,6 +187,11 @@ static int parse_strk(AVFormatContext *s,
     st->codecpar->bit_rate              = (int64_t)st->codecpar->channels *
                                           st->codecpar->sample_rate *
                                           st->codecpar->bits_per_coded_sample;
+    if (st->codecpar->channels && st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) {
+        av_log(s, AV_LOG_ERROR, "Overflow during block alignment calculation %d * %d\n",
+               st->codecpar->channels, st->codecpar->bits_per_coded_sample);
+        return AVERROR_INVALIDDATA;
+    }
     st->codecpar->block_align           = st->codecpar->channels *
                                           st->codecpar->bits_per_coded_sample;