[FFmpeg-devel,03/12] ffmdec: validate sample_rate

Message ID	756e59f0-3689-8660-00c4-ca6b623d4992@googlemail.com
State	Accepted
Commit	0009457dc09739685ee192c90d6691e1663c8b9c
Headers	show Delivered-To: ffmpegpatchwork@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> References: <6622a3c7-3900-8982-1179-4ccdd0fec2b3@googlemail.com> Message-ID: <756e59f0-3689-8660-00c4-ca6b623d4992@googlemail.com> Date: Sun, 23 Oct 2016 18:27:32 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0 MIME-Version: 1.0 In-Reply-To: <6622a3c7-3900-8982-1179-4ccdd0fec2b3@googlemail.com> Subject: [FFmpeg-devel] [PATCH 03/12] ffmdec: validate sample_rate Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Message ID

756e59f0-3689-8660-00c4-ca6b623d4992@googlemail.com

State

Accepted

Commit

0009457dc09739685ee192c90d6691e1663c8b9c

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100; 
From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
References: <6622a3c7-3900-8982-1179-4ccdd0fec2b3@googlemail.com>
Message-ID: <756e59f0-3689-8660-00c4-ca6b623d4992@googlemail.com>
Date: Sun, 23 Oct 2016 18:27:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Icedove/45.4.0
MIME-Version: 1.0
In-Reply-To: <6622a3c7-3900-8982-1179-4ccdd0fec2b3@googlemail.com>
Subject: [FFmpeg-devel] [PATCH 03/12] ffmdec: validate sample_rate
Precedence: list
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Commit Message

Andreas Cadhalpun Oct. 23, 2016, 4:27 p.m. UTC

A negative sample rate doesn't make sense and triggers assertions in
av_rescale_rnd.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/ffmdec.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
index 16ba8ec..6b09be2 100644
--- a/libavformat/ffmdec.c
+++ b/libavformat/ffmdec.c
@@ -432,6 +432,11 @@  static int ffm2_read_header(AVFormatContext *s)
                 goto fail;
             }
             codec->sample_rate = avio_rb32(pb);
+            if (codec->sample_rate <= 0) {
+                av_log(s, AV_LOG_ERROR, "Invalid sample rate %d\n", codec->sample_rate);
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             codec->channels = avio_rl16(pb);
             codec->frame_size = avio_rl16(pb);
             break;
@@ -628,6 +633,10 @@  static int ffm_read_header(AVFormatContext *s)
             break;
         case AVMEDIA_TYPE_AUDIO:
             codec->sample_rate = avio_rb32(pb);
+            if (codec->sample_rate <= 0) {
+                av_log(s, AV_LOG_ERROR, "Invalid sample rate %d\n", codec->sample_rate);
+                goto fail;
+            }
             codec->channels = avio_rl16(pb);
             codec->frame_size = avio_rl16(pb);
             break;

[FFmpeg-devel,03/12] ffmdec: validate sample_rate

Commit Message

Patch