| Message ID | eec2c862-ab77-c081-8c3e-a5c9ecac7766@googlemail.com |
|---|---|
| State | Superseded |
| Headers | show |
Hi, On Fri, Jan 6, 2017 at 2:48 PM, Andreas Cadhalpun < andreas.cadhalpun@googlemail.com> wrote: > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/ircamdec.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c > index 59f3a49411..f3cf4d0dc9 100644 > --- a/libavformat/ircamdec.c > +++ b/libavformat/ircamdec.c > @@ -96,6 +96,7 @@ static int ircam_read_header(AVFormatContext *s) > } > > st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st-> > codecpar->codec_id); > + FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels && > st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) > st->codecpar->block_align = st->codecpar->bits_per_coded_sample * > st->codecpar->channels / 8; > avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); > avio_skip(s->pb, 1008); I see this code a few lines up: if (!channels || !sample_rate) return AVERROR_INVALIDDATA; So channels == 0 seems impossible to me. Ronald
diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c index 59f3a49411..f3cf4d0dc9 100644 --- a/libavformat/ircamdec.c +++ b/libavformat/ircamdec.c @@ -96,6 +96,7 @@ static int ircam_read_header(AVFormatContext *s) } st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st->codecpar->codec_id); + FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels && st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) st->codecpar->block_align = st->codecpar->bits_per_coded_sample * st->codecpar->channels / 8; avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); avio_skip(s->pb, 1008);
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/ircamdec.c | 1 + 1 file changed, 1 insertion(+)