From patchwork Fri Jan 6 22:26:50 2017
X-Patchwork-Submitter: Andreas Cadhalpun
X-Patchwork-Id: 2090
From: Andreas Cadhalpun
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 6 Jan 2017 23:26:50 +0100
Subject: Re: [FFmpeg-devel] [PATCH 5/9] ircamdec: prevent overflow during block alignment calculation

On 06.01.2017 22:31, Ronald S. Bultje wrote:
> On Fri, Jan 6, 2017 at 2:48 PM, Andreas Cadhalpun <
> andreas.cadhalpun@googlemail.com> wrote:
>
>> Signed-off-by: Andreas Cadhalpun >> --- >> libavformat/ircamdec.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c >> index 59f3a49411..f3cf4d0dc9 100644 >> --- a/libavformat/ircamdec.c >> +++ b/libavformat/ircamdec.c >> @@ -96,6 +96,7 @@ static int ircam_read_header(AVFormatContext *s) >> } >> >> st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st-> >> codecpar->codec_id); >> + FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels && >> st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) >> st->codecpar->block_align = st->codecpar->bits_per_coded_sample * >> st->codecpar->channels / 8; >> avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); >> avio_skip(s->pb, 1008);
>
>
> I see this code a few lines up:
>
>     if (!channels || !sample_rate)
>         return AVERROR_INVALIDDATA;
>
> So channels == 0 seems impossible to me.

Right, I dropped the check for that.

Best regards,
Andreas

From b91a25e4b8a79d8d39a9c0593d0715190474a4ec Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun Date: Thu, 15 Dec 2016 02:14:45 +0100 Subject: [PATCH 5/9] ircamdec: prevent overflow during block alignment calculation Signed-off-by: Andreas Cadhalpun --- libavformat/ircamdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c index 59f3a49411..5d2d0ab9b9 100644 --- a/libavformat/ircamdec.c +++ b/libavformat/ircamdec.c @@ -96,6 +96,7 @@ static int ircam_read_header(AVFormatContext *s) } st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st->codecpar->codec_id); + FF_RETURN_ON_OVERFLOW(s, st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) st->codecpar->block_align = st->codecpar->bits_per_coded_sample * st->codecpar->channels / 8; avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); avio_skip(s->pb, 1008); -- 2.11.0
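Review bot: The added FF_RETURN_ON_OVERFLOW line divides by st->codecpar->channels with no guard of its own, so `INT_MAX / st->codecpar->channels` is safe only because of the `if (!channels || !sample_rate)` rejection quoted in the reply above, which sits outside this hunk's context. A one-line comment stating that channels is known to be non-zero at this point would keep a later reordering of ircam_read_header() from turning the overflow check into a division by zero. The invocation also ends without a semicolon, unlike the statements around it, and hides the early return inside the macro; spelling it out as an `if (...) return AVERROR_INVALIDDATA;` in the style of the existing check would make the control flow visible at the call site.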