[FFmpeg-devel] interplayacm: validate number of channels

Message ID	95ea89f0-c5d6-266c-4945-21a7416a4352@googlemail.com
State	Accepted
Commit	5540d6c1343e6d1e06d6601b7d35884761711e3e
Headers	show Delivered-To: ffmpegpatchwork@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Message-ID: <95ea89f0-c5d6-266c-4945-21a7416a4352@googlemail.com> Date: Sun, 30 Oct 2016 21:43:49 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] interplayacm: validate number of channels Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Message ID

95ea89f0-c5d6-266c-4945-21a7416a4352@googlemail.com

State

Accepted

Commit

5540d6c1343e6d1e06d6601b7d35884761711e3e

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100; 
From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <95ea89f0-c5d6-266c-4945-21a7416a4352@googlemail.com>
Date: Sun, 30 Oct 2016 21:43:49 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Icedove/45.4.0
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] interplayacm: validate number of channels
Precedence: list
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Commit Message

Andreas Cadhalpun Oct. 30, 2016, 8:43 p.m. UTC

The number of channels is used as divisor in decode_frame, so it must
not be zero to avoid SIGFPE crashes.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/interplayacm.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Paul B Mahol Oct. 30, 2016, 9:15 p.m. UTC | #1

On 10/30/16, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> wrote:
> The number of channels is used as divisor in decode_frame, so it must
> not be zero to avoid SIGFPE crashes.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavcodec/interplayacm.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/libavcodec/interplayacm.c b/libavcodec/interplayacm.c
> index f4a3446..c897e72 100644
> --- a/libavcodec/interplayacm.c
> +++ b/libavcodec/interplayacm.c
> @@ -62,6 +62,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
>      if (avctx->extradata_size < 14)
>          return AVERROR_INVALIDDATA;
>
> +    if (avctx->channels <= 0) {
> +        av_log(avctx, AV_LOG_ERROR, "Invalid number of channels: %d\n",
> avctx->channels);
> +        return AVERROR_INVALIDDATA;
> +    }
> +
>      s->level = AV_RL16(avctx->extradata + 12) & 0xf;
>      s->rows  = AV_RL16(avctx->extradata + 12) >>  4;
>      s->cols  = 1 << s->level;
> --
> 2.10.1
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

Patch is OK. Thanks.

Andreas Cadhalpun Oct. 30, 2016, 9:39 p.m. UTC | #2

On 30.10.2016 22:15, Paul B Mahol wrote:
> On 10/30/16, Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> wrote:
>> The number of channels is used as divisor in decode_frame, so it must
>> not be zero to avoid SIGFPE crashes.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
>> ---
>>  libavcodec/interplayacm.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/libavcodec/interplayacm.c b/libavcodec/interplayacm.c
>> index f4a3446..c897e72 100644
>> --- a/libavcodec/interplayacm.c
>> +++ b/libavcodec/interplayacm.c
>> @@ -62,6 +62,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
>>      if (avctx->extradata_size < 14)
>>          return AVERROR_INVALIDDATA;
>>
>> +    if (avctx->channels <= 0) {
>> +        av_log(avctx, AV_LOG_ERROR, "Invalid number of channels: %d\n",
>> avctx->channels);
>> +        return AVERROR_INVALIDDATA;
>> +    }
>> +
>>      s->level = AV_RL16(avctx->extradata + 12) & 0xf;
>>      s->rows  = AV_RL16(avctx->extradata + 12) >>  4;
>>      s->cols  = 1 << s->level;
>> --
>> 2.10.1
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel@ffmpeg.org
>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
> 
> Patch is OK. Thanks.

Pushed.

Best regards,
Andreas

diff --git a/libavcodec/interplayacm.c b/libavcodec/interplayacm.c
index f4a3446..c897e72 100644
--- a/libavcodec/interplayacm.c
+++ b/libavcodec/interplayacm.c
@@ -62,6 +62,11 @@  static av_cold int decode_init(AVCodecContext *avctx)
     if (avctx->extradata_size < 14)
         return AVERROR_INVALIDDATA;
 
+    if (avctx->channels <= 0) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid number of channels: %d\n", avctx->channels);
+        return AVERROR_INVALIDDATA;
+    }
+
     s->level = AV_RL16(avctx->extradata + 12) & 0xf;
     s->rows  = AV_RL16(avctx->extradata + 12) >>  4;
     s->cols  = 1 << s->level;