From patchwork Wed Dec 14 00:57:54 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Cadhalpun X-Patchwork-Id: 1776 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.65.86 with SMTP id o83csp2503066vsa; Tue, 13 Dec 2016 16:58:08 -0800 (PST) X-Received: by 10.195.30.165 with SMTP id kf5mr85817226wjd.41.1481677088092; Tue, 13 Dec 2016 16:58:08 -0800 (PST) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id f13si4804995wmh.140.2016.12.13.16.58.05; Tue, 13 Dec 2016 16:58:08 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@googlemail.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=QUARANTINE dis=NONE) header.from=googlemail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9F4F6689A56; Wed, 14 Dec 2016 02:57:57 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wj0-f196.google.com (mail-wj0-f196.google.com [209.85.210.196]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E0B0D689978 for ; Wed, 14 Dec 2016 02:57:50 +0200 (EET) Received: by mail-wj0-f196.google.com with SMTP id j10so923258wjb.3 for ; Tue, 13 Dec 2016 16:57:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=from:to:subject:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=Z39ZxKnj7/F7j8HDsed3rmgxtkGjsQJi5pg3xS71anY=; b=XTGgODwrqVASapStgnh4ng6Ks+mrcGIiuHYlxwH6j3gwUz0gVdP0cKEgXspq2QCjGZ pWEtP3KW/1glUhm2lin6tOJASEZ/afwXb3iP2Mxm1ZtgOxFe4DNSCz88Vv7ZhpukVpIG GmX1rNuyx2ihukeaPRTJZFI72UsKPTzhHsMOHIMuiveUeZhn1jX8/ycOyKwrx3iDzGg1 5ziybQbL6yksloXQlWunC7KlWAAcB4lcyUqGU5m/tl8Jl66EdRpSFbJu+GOVvsYEiPqF R+zIjV/KejFyAhvg9OdWqx8R8+DOXEe9IOYZ8SyKABBj6yNjYvdcfrsub2TNThrjYkG3 Wxcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=Z39ZxKnj7/F7j8HDsed3rmgxtkGjsQJi5pg3xS71anY=; b=lUmBkdtwK81sAXYD+z2eNu8+0sFzj9g002JhtSmj6Lpctt9Y9jRGFV98AhddShyDQS URomL7heuSzhTQVCDYsNp40H73rmqRXwRt4nSHUM/LTRtZ/i+Ms4GNXWqbZ1LiXmtN4Y O9YQR8uweBY2aerF55PfzIP/47pOUSArYa6rSj/OuNCrQI8a9WqCGG1eZuErvac5MSpQ 2MNAoRjmx/AI+lVsKHUTqaFVpw2LSjgGvIooWOjEkJh+yahSxowVTeHO3Ph0+2QJQeQ3 0qHkPCo8Le29XzWq2c9e8RBTwIENjKJZdz4UpbkCTJ02H5yXd2vqONwWSTWlYzM6e7U0 oJxA== X-Gm-Message-State: AKaTC02TqP7YpS2TRW/hEpmmcTmQdYXRztKyqGOk35fDkDU+8ndknRyzIv8vsVMlr+5Fow== X-Received: by 10.28.68.195 with SMTP id r186mr4603048wma.105.1481677075704; Tue, 13 Dec 2016 16:57:55 -0800 (PST) Received: from [192.168.2.21] (p5B095BC2.dip0.t-ipconnect.de. [91.9.91.194]) by smtp.googlemail.com with ESMTPSA id x140sm4999268wme.19.2016.12.13.16.57.54 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Dec 2016 16:57:55 -0800 (PST) From: Andreas Cadhalpun X-Google-Original-From: Andreas Cadhalpun To: FFmpeg development discussions and patches Message-ID: Date: Wed, 14 Dec 2016 01:57:54 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 1/3] 4xm: prevent overflow during bit rate calculation X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Andreas Cadhalpun --- libavformat/4xm.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 8a50778..2758b69 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -163,6 +163,12 @@ static int parse_strk(AVFormatContext *s, return AVERROR_INVALIDDATA; } + if (fourxm->tracks[track].sample_rate > INT64_MAX / fourxm->tracks[track].bits / fourxm->tracks[track].channels) { + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %d * %d * %d\n", + fourxm->tracks[track].sample_rate, fourxm->tracks[track].bits, fourxm->tracks[track].channels); + return AVERROR_INVALIDDATA; + } + /* allocate a new AVStream */ st = avformat_new_stream(s, NULL); if (!st) @@ -178,7 +184,7 @@ static int parse_strk(AVFormatContext *s, st->codecpar->channels = fourxm->tracks[track].channels; st->codecpar->sample_rate = fourxm->tracks[track].sample_rate; st->codecpar->bits_per_coded_sample = fourxm->tracks[track].bits; - st->codecpar->bit_rate = st->codecpar->channels * + st->codecpar->bit_rate = (int64_t)st->codecpar->channels * st->codecpar->sample_rate * st->codecpar->bits_per_coded_sample; st->codecpar->block_align = st->codecpar->channels *