From patchwork Wed Dec 14 00:58:17 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Cadhalpun X-Patchwork-Id: 1778 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.65.86 with SMTP id o83csp2503175vsa; Tue, 13 Dec 2016 16:58:28 -0800 (PST) X-Received: by 10.28.168.70 with SMTP id r67mr4591251wme.19.1481677107923; Tue, 13 Dec 2016 16:58:27 -0800 (PST) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 67si4826139wmj.100.2016.12.13.16.58.27; Tue, 13 Dec 2016 16:58:27 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@googlemail.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=QUARANTINE dis=NONE) header.from=googlemail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 36777689A6C; Wed, 14 Dec 2016 02:58:20 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wj0-f194.google.com (mail-wj0-f194.google.com [209.85.210.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 11A4E689978 for ; Wed, 14 Dec 2016 02:58:14 +0200 (EET) Received: by mail-wj0-f194.google.com with SMTP id xy5so944122wjc.1 for ; Tue, 13 Dec 2016 16:58:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=2G68ZobnD8VJkeaxzMBKDrbITCXQsUm28eUtyCWBYKg=; b=YZVxybDgBQtqK0/LFKIc1HQh+bR8LgNAk7lQcAzBQP/FftGdshZJsfxsX5tVs5Y2i/ veaMH6lp0kZM4t4QyiGRMe/YRaCTRJeoLJuvCXRoXVpIEC6s4VAdtg81NfRLp5bgXBgh Z3GDlCKCpKST93K4bfxZnr84bmadouZ6tgTmp+4JCyrG8M8SEcjF+u3UFEAhjvSEsbv0 elmNf+4TM1sQwOPoBLKmuTCxzwCHbg/6u8BI19IQO3/pphEElOsvPwgdlLfDAS/bb/kA 58w+SbDVRGRUz+vOSGhZO5qwkb/RyZ3bzh3R1LG56Kg1dXUXBXcyHmfbfw3QJa+a6zba uQag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=2G68ZobnD8VJkeaxzMBKDrbITCXQsUm28eUtyCWBYKg=; b=TCw8bBqkyIjn/7s/pouLy+41PGFwwJIaEBVgEuLgeN7U94NcQ6w/Q7DwrUscUwsXJc n0po1t6EIAhWUc2SKaYhnKYf12TWeRTvQ0hyP59E9RcfvNH54WTNgXubntp6IuNaIKrL E3YACxF77meZHK2WflV6iIMxA19ZRH8kIlIoMOr750bDO9l9c3yfyrutrqO0IuoVL6cq 908rXMzDp+gP3ohdkLFf6WJjfu/U/Dqdi51YMsgQBFgaVKT6AgU5yqdbh2zUhOd5pukQ L7F9qF4hTbBkoxZG4odivYcRHEOs5mp/Jrzo5QksBXeMZ6ubfSzc484ccnucpQKEUpkZ gsdQ== X-Gm-Message-State: AKaTC01gwrh+YLrvh46ahhR/jFVtPH7iuW6ak6csCqGYcPsnpBFJ/AtnKgLJNvmwYRo5cg== X-Received: by 10.194.235.98 with SMTP id ul2mr86212570wjc.229.1481677098937; Tue, 13 Dec 2016 16:58:18 -0800 (PST) Received: from [192.168.2.21] (p5B095BC2.dip0.t-ipconnect.de. [91.9.91.194]) by smtp.googlemail.com with ESMTPSA id 135sm5000039wmh.14.2016.12.13.16.58.18 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Dec 2016 16:58:18 -0800 (PST) From: Andreas Cadhalpun X-Google-Original-From: Andreas Cadhalpun To: FFmpeg development discussions and patches References: Message-ID: Date: Wed, 14 Dec 2016 01:58:17 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0 MIME-Version: 1.0 In-Reply-To: Subject: [FFmpeg-devel] [PATCH 2/3] cafdec: prevent overflow during bit rate calculation X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Andreas Cadhalpun --- libavformat/cafdec.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index 1c4ca40..0e6179a 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -323,8 +323,13 @@ static int read_header(AVFormatContext *s) if (caf->data_size > 0) st->nb_frames = (caf->data_size / caf->bytes_per_packet) * caf->frames_per_packet; } else if (st->nb_index_entries && st->duration > 0) { - st->codecpar->bit_rate = st->codecpar->sample_rate * caf->data_size * 8 / - st->duration; + if (st->codecpar->sample_rate && caf->data_size / st->duration > INT64_MAX / st->codecpar->sample_rate / 8) { + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %d * 8 * %"PRId64"\n", + st->codecpar->sample_rate, caf->data_size / st->duration); + return AVERROR_INVALIDDATA; + } + st->codecpar->bit_rate = st->codecpar->sample_rate * 8LL * + (caf->data_size / st->duration); } else { av_log(s, AV_LOG_ERROR, "Missing packet table. It is required when " "block size or frame size are variable.\n");