[FFmpeg-cvslog] mvi: Add sanity checking for the audio frame size
Martin Storsjö
git at videolan.org
Tue Oct 8 01:33:18 CEST 2013
ffmpeg | branch: release/1.1 | Martin Storsjö <martin at martin.st> | Sat Sep 28 23:26:18 2013 +0300| [04d2f9ace3fb6e880f3488770fc5a39de5b63cbb] | committer: Luca Barbato
mvi: Add sanity checking for the audio frame size
This avoids a division by zero.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 28ff439efd2362fb21e1a78610737f2e26a72d8f)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04d2f9ace3fb6e880f3488770fc5a39de5b63cbb
---
libavformat/mvi.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavformat/mvi.c b/libavformat/mvi.c
index 10ec8bb..65096f1 100644
--- a/libavformat/mvi.c
+++ b/libavformat/mvi.c
@@ -93,6 +93,12 @@ static int read_header(AVFormatContext *s)
mvi->get_int = (vst->codec->width * vst->codec->height < (1 << 16)) ? avio_rl16 : avio_rl24;
mvi->audio_frame_size = ((uint64_t)mvi->audio_data_size << MVI_FRAC_BITS) / frames_count;
+ if (mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1) {
+ av_log(s, AV_LOG_ERROR, "Invalid audio_data_size (%d) or frames_count (%d)\n",
+ mvi->audio_data_size, frames_count);
+ return AVERROR_INVALIDDATA;
+ }
+
mvi->audio_size_counter = (ast->codec->sample_rate * 830 / mvi->audio_frame_size - 1) * mvi->audio_frame_size;
mvi->audio_size_left = mvi->audio_data_size;
More information about the ffmpeg-cvslog
mailing list