From patchwork Wed Dec 14 00:58:35 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Cadhalpun X-Patchwork-Id: 1777 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.65.86 with SMTP id o83csp2503286vsa; Tue, 13 Dec 2016 16:58:46 -0800 (PST) X-Received: by 10.28.182.4 with SMTP id g4mr5040342wmf.15.1481677126487; Tue, 13 Dec 2016 16:58:46 -0800 (PST) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id ll4si51977382wjc.32.2016.12.13.16.58.46; Tue, 13 Dec 2016 16:58:46 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@googlemail.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=QUARANTINE dis=NONE) header.from=googlemail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9B7D6689A9C; Wed, 14 Dec 2016 02:58:38 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wj0-f195.google.com (mail-wj0-f195.google.com [209.85.210.195]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id ECA16689A74 for ; Wed, 14 Dec 2016 02:58:31 +0200 (EET) Received: by mail-wj0-f195.google.com with SMTP id xy5so945069wjc.1 for ; Tue, 13 Dec 2016 16:58:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=nZdwNahKCBgHmMdX3JiO1y2IM9bjTnQT8McjuM3wFkk=; b=RgVBcZ2f5d3/J0bcQnHeyRr7OpXtf1kt4+gZbION5mNvhyRx0l48A0auIy/c/MD7pr JrqDE68MpWxpBTnizvjQKImO5thA32TJTQk+Ea4DGz+JCJCgNGAKBHpZHp0KKLllWMDD 4oRxL12SrmHC+zGF5P9bUJVsZj9oVhU2DM4JzjOr5zsn/E00hlqB4dz/pO8etT9ddH7P cuSGoU/hz/bBE8Pg3dFqDSo+mhI08x2jAFLsGONzIwIoKtEYPKk9sC9OO9ij77QIp2/o KMzEdVWRfTjT1FzXxIsmfssAzK8JMAazhvRhCP5OPX3q+qG879gjw1IHF1Dl3rUKG+yS 593g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=nZdwNahKCBgHmMdX3JiO1y2IM9bjTnQT8McjuM3wFkk=; b=WyvPvaPuxdGLZlpkwXvwc9RydkK2BlEgRl3YcstZcvvcQjNcNu9NuM6jY1s+p8SxuP greKgRJNYxIsTBCmuKPPxy6Mp3sGFzSni6meUZ5Ls2kk+1esgrJLHQX8Ydgkxzizrcuy PxCE1dDQHjFyr3TZwx6RrrVTqaBU+sJLN8PewSfkPh+RBzC1FE0OSEvWbC+GLHAtJlgL O2SFV8wWlP+3clEvJfTS7PXbAgwC8b1JeuCgjUJnBQiTgAGcCokEVxqS18mMIH35sOC8 YgX0XZuUQdWR5ZQawGR9emdAOQ3nRLvWhy+su+xk7FcCyeXpQ8/1YRO+9ApQXFz0QpZc ceog== X-Gm-Message-State: AKaTC01PMWHx0toHStDlKAqtfplSxpLgyBOXTJ8mhNSL2TcW6O6ZS92T3EldNXP+tgeraQ== X-Received: by 10.28.232.85 with SMTP id f82mr4730391wmh.127.1481677116950; Tue, 13 Dec 2016 16:58:36 -0800 (PST) Received: from [192.168.2.21] (p5B095BC2.dip0.t-ipconnect.de. [91.9.91.194]) by smtp.googlemail.com with ESMTPSA id e5sm5008069wma.12.2016.12.13.16.58.36 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Dec 2016 16:58:36 -0800 (PST) From: Andreas Cadhalpun X-Google-Original-From: Andreas Cadhalpun To: FFmpeg development discussions and patches References: Message-ID: Date: Wed, 14 Dec 2016 01:58:35 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0 MIME-Version: 1.0 In-Reply-To: Subject: [FFmpeg-devel] [PATCH 3/3] mov: prevent overflow during bit rate calculation X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Andreas Cadhalpun --- libavformat/mov.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 6c8affc..fc0b25c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5887,8 +5887,15 @@ static int mov_read_header(AVFormatContext *s) for (i = 0; i < s->nb_streams; i++) { AVStream *st = s->streams[i]; MOVStreamContext *sc = st->priv_data; - if (st->duration > 0) + if (st->duration > 0) { + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", + sc->data_size, sc->time_scale); + mov_read_close(s); + return AVERROR_INVALIDDATA; + } st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration; + } } } @@ -5897,6 +5904,12 @@ static int mov_read_header(AVFormatContext *s) AVStream *st = s->streams[i]; MOVStreamContext *sc = st->priv_data; if (sc->duration_for_fps > 0) { + if (sc->data_size > INT64_MAX / sc->time_scale / 8) { + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n", + sc->data_size, sc->time_scale); + mov_read_close(s); + return AVERROR_INVALIDDATA; + } st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / sc->duration_for_fps; }