[FFmpeg-cvslog] pvfdec: prevent overflow during block alignment calculation
Andreas Cadhalpun
git at videolan.org
Sun Jan 29 02:24:25 EET 2017
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Dec 15 02:14:54 2016 +0100| [169c1cfa928040b83f2ac8386333ec5e5cff3df7] | committer: Andreas Cadhalpun
pvfdec: prevent overflow during block alignment calculation
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=169c1cfa928040b83f2ac8386333ec5e5cff3df7
---
libavformat/pvfdec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/pvfdec.c b/libavformat/pvfdec.c
index b9f6d4f..c6652b9 100644
--- a/libavformat/pvfdec.c
+++ b/libavformat/pvfdec.c
@@ -19,6 +19,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include "libavcodec/internal.h"
#include "avformat.h"
#include "internal.h"
#include "pcm.h"
@@ -44,7 +45,8 @@ static int pvf_read_header(AVFormatContext *s)
&bps) != 3)
return AVERROR_INVALIDDATA;
- if (channels <= 0 || bps <= 0 || sample_rate <= 0)
+ if (channels <= 0 || channels > FF_SANE_NB_CHANNELS ||
+ bps <= 0 || bps > INT_MAX / FF_SANE_NB_CHANNELS || sample_rate <= 0)
return AVERROR_INVALIDDATA;
st = avformat_new_stream(s, NULL);
More information about the ffmpeg-cvslog
mailing list