Message ID | b47cfd80-3480-65c6-3686-35eb34be3a9a@googlemail.com |
---|---|
State | Superseded |
Headers | show |
On Wed, Oct 19, 2016 at 10:41:22PM +0200, Andreas Cadhalpun wrote: > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/dcstr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c > index 69fae41..d5d2281 100644 > --- a/libavformat/dcstr.c > +++ b/libavformat/dcstr.c > @@ -47,7 +47,7 @@ static int dcstr_read_header(AVFormatContext *s) > avio_skip(s->pb, 4); > st->duration = avio_rl32(s->pb); > st->codecpar->channels *= avio_rl32(s->pb); This here can overflow and needs a check > - if (!align || align > INT_MAX / st->codecpar->channels) > + if (!align || !st->codecpar->channels || align > INT_MAX / st->codecpar->channels) > return AVERROR_INVALIDDATA; might need a <0 check too should be ok otherwise [...]
diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c index 69fae41..d5d2281 100644 --- a/libavformat/dcstr.c +++ b/libavformat/dcstr.c @@ -47,7 +47,7 @@ static int dcstr_read_header(AVFormatContext *s) avio_skip(s->pb, 4); st->duration = avio_rl32(s->pb); st->codecpar->channels *= avio_rl32(s->pb); - if (!align || align > INT_MAX / st->codecpar->channels) + if (!align || !st->codecpar->channels || align > INT_MAX / st->codecpar->channels) return AVERROR_INVALIDDATA; st->codecpar->block_align = align * st->codecpar->channels;
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/dcstr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)