From patchwork Sun Nov 13 17:26:28 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
X-Patchwork-Id: 1404
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.103.90.1 with SMTP id o1csp694702vsb;
	Sun, 13 Nov 2016 09:26:41 -0800 (PST)
X-Received: by 10.28.109.156 with SMTP id b28mr6654659wmi.116.1479058001397;
	Sun, 13 Nov 2016 09:26:41 -0800 (PST)
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id
	mp16si20167866wjb.279.2016.11.13.09.26.40;
	Sun, 13 Nov 2016 09:26:41 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@googlemail.com;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=QUARANTINE dis=NONE) header.from=googlemail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D0C94689C38;
	Sun, 13 Nov 2016 19:26:38 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com
	[74.125.82.68])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CB72C6899AF
	for <ffmpeg-devel@ffmpeg.org>; Sun, 13 Nov 2016 19:26:31 +0200 (EET)
Received: by mail-wm0-f68.google.com with SMTP id g23so9393585wme.1
	for <ffmpeg-devel@ffmpeg.org>; Sun, 13 Nov 2016 09:26:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=20120113;
	h=from:to:subject:message-id:date:user-agent:mime-version
	:content-transfer-encoding;
	bh=dtupud0+c/xhz0w4LO75YSu5VFh+0tCHuX5jI9C5PVo=;
	b=QvteH8T61GwaYlWVLi4jTE0U7xk6lbHMddSqLdat4iczQNk8zc0oYaRXSd3SxsRpi3
	6A3OnNh3/jG3R3sapC4KtbaSw+YahANR1Qzc7j/j3Ai/nXcmKoQmM6IBK8GUqdiMCadz
	U/XKxJF/QKnm5NRvkWuMd8Gl24QBiSkmrYkt01PGx//8OcaCpZ0XMoMdY2zpTrev7Xut
	ZKv4RALDRLi5qnx5Aql2UXpPK/1VRIwAvoU1uN7yP3fMMiQuc9LOOv10uiszQ1Z2GWm8
	dWOQjXqcMN+PSYnXwvU+/liSmw14SvgRFJdi/sQ6ePZJ30OUsSrY8llNK446B1cXhhz1
	HF4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:subject:message-id:date:user-agent
	:mime-version:content-transfer-encoding;
	bh=dtupud0+c/xhz0w4LO75YSu5VFh+0tCHuX5jI9C5PVo=;
	b=CjPBfZiXWIJjUQ65css9CYLxQP0KDTZ/iCTiIIt3uupSuWUsW0POimawKIN/5nQkpT
	dxPn+6uB/JKxo+3yxMcl47Zp+H+7sZ7HQ6gSsj3VbUJdtRxosb4ZuHOcwrb32MCy6qW+
	Jz01g4yCqGlRyGrgetxUtrfv11AN+cHaC5NjsauXLG9a7Jhom/pNqmlMqHRlrdpVvBU1
	WYwrF2DE0c0rdk+EehWdJGV9vGHUPb71Of9PDuU73dRIbwwakIZm2kYrX2XddUQD5vNv
	Kq2scr1PX3MPsySG3xOsG6jQZ1yrGm0ZmlCSPCAsBJtfCN1o/WYy1IGhxDYGA/E4v73K
	HATQ==
X-Gm-Message-State: 
 ABUngveM1l7S5xb8z3TpE2LO7Ewo9LC5deJ5U7rzylnsZhITrf9sE5jAuAZWbkH4sBGUbQ==
X-Received: by 10.28.45.212 with SMTP id t203mr7106507wmt.46.1479057991047;
	Sun, 13 Nov 2016 09:26:31 -0800 (PST)
Received: from [192.168.2.21] (p5B072E6F.dip0.t-ipconnect.de. [91.7.46.111])
	by smtp.googlemail.com with ESMTPSA id
	c202sm42596150wme.1.2016.11.13.09.26.30
	for <ffmpeg-devel@ffmpeg.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 13 Nov 2016 09:26:30 -0800 (PST)
From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
X-Google-Original-From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <6ac08f29-97f1-89fa-78a0-b1cf7cd5d8b2@googlemail.com>
Date: Sun, 13 Nov 2016 18:26:28 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Icedove/45.4.0
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] filmstripdec: correctly check image
	dimensions
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

This prevents a division by zero in read_packet.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/filmstripdec.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/libavformat/filmstripdec.c b/libavformat/filmstripdec.c
index 414e276..0aeb594 100644
--- a/libavformat/filmstripdec.c
+++ b/libavformat/filmstripdec.c
@@ -25,6 +25,7 @@
  */
 
 #include "libavutil/intreadwrite.h"
+#include "libavutil/imgutils.h"
 #include "avformat.h"
 #include "internal.h"
 
@@ -68,10 +69,8 @@ static int read_header(AVFormatContext *s)
     st->codecpar->height     = avio_rb16(pb);
     film->leading         = avio_rb16(pb);
 
-    if (st->codecpar->width * 4LL * st->codecpar->height >= INT_MAX) {
-        av_log(s, AV_LOG_ERROR, "dimensions too large\n");
-        return AVERROR_PATCHWELCOME;
-    }
+    if (av_image_check_size(st->codecpar->width, st->codecpar->height, 0, s) < 0)
+        return AVERROR_INVALIDDATA;
 
     avpriv_set_pts_info(st, 64, 1, avio_rb16(pb));