On 06.01.2017 22:31, Ronald S. Bultje wrote: > On Fri, Jan 6, 2017 at 2:48 PM, Andreas Cadhalpun < > andreas.cadhal...@googlemail.com> wrote: > >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >> --- >> libavformat/ircamdec.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c >> index 59f3a49411..f3cf4d0dc9 100644 >> --- a/libavformat/ircamdec.c >> +++ b/libavformat/ircamdec.c >> @@ -96,6 +96,7 @@ static int ircam_read_header(AVFormatContext *s) >> } >> >> st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st-> >> codecpar->codec_id); >> + FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels && >> st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) >> st->codecpar->block_align = st->codecpar->bits_per_coded_sample * >> st->codecpar->channels / 8; >> avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); >> avio_skip(s->pb, 1008); > > > I see this code a few lines up: > > if (!channels || !sample_rate) > return AVERROR_INVALIDDATA; > > So channels == 0 seems impossible to me.
Right, I dropped the check for that. Best regards, Andreas
>From b91a25e4b8a79d8d39a9c0593d0715190474a4ec Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> Date: Thu, 15 Dec 2016 02:14:45 +0100 Subject: [PATCH 5/9] ircamdec: prevent overflow during block alignment calculation Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> --- libavformat/ircamdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/ircamdec.c b/libavformat/ircamdec.c index 59f3a49411..5d2d0ab9b9 100644 --- a/libavformat/ircamdec.c +++ b/libavformat/ircamdec.c @@ -96,6 +96,7 @@ static int ircam_read_header(AVFormatContext *s) } st->codecpar->bits_per_coded_sample = av_get_bits_per_sample(st->codecpar->codec_id); + FF_RETURN_ON_OVERFLOW(s, st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels) st->codecpar->block_align = st->codecpar->bits_per_coded_sample * st->codecpar->channels / 8; avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); avio_skip(s->pb, 1008); -- 2.11.0
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel