[FFmpeg-devel] [PATCH] check for mod by zero (issue 2502)

Daniel Kang daniel.d.kang
Fri Jan 7 04:13:51 CET 2011


On Thu, Jan 6, 2011 at 9:48 PM, Michael Niedermayer <michaelni at gmx.at> wrote:

>  On Thu, Jan 06, 2011 at 09:36:28PM -0500, Daniel Kang wrote:
> > For PCM audio, ffmpeg does not check if the sample_size is zero before
> > multiplying, then modding. This causes ffmpeg to crash with SIGFPE for
> > invalid sample_size. The patch attached adds a check for this.
> >
> > The roundup issue is 2502.
>
> >  pcm.c |    4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 349f5361ba6f50e9e3f82445ab78f1d8e36c5165  pcm_sanity_check.diff
> > From 474824a13fe578e241ce61e8bf4305e647eb8595 Mon Sep 17 00:00:00 2001
> > From: Daniel Kang <daniel.d.kang at gmail.com>
> > Date: Thu, 6 Jan 2011 21:03:27 -0500
> > Subject: [PATCH] Add check for pcm files.
> >
> > ---
> >  libavcodec/pcm.c |    4 ++--
> >  1 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/pcm.c b/libavcodec/pcm.c
> > index b6b49dc..992189f 100644
> > --- a/libavcodec/pcm.c
> > +++ b/libavcodec/pcm.c
> > @@ -294,8 +294,8 @@ static int pcm_decode_frame(AVCodecContext *avctx,
> >
> >      n = avctx->channels * sample_size;
> >
> > -    if(n && buf_size % n){
> > -        if (buf_size < n) {
> > +    if((n == 0)||(n && buf_size % n)){
> > +        if ((n == 0) || (buf_size < n)) {
> >              av_log(avctx, AV_LOG_ERROR, "invalid PCM packet\n");
> >              return -1;
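
Review bot: In the new outer condition `(n == 0)||(n && buf_size % n)` the `n &&` guard is redundant once `n == 0` has been tested, and repeating the zero test in the inner `if ((n == 0) || (buf_size < n))` folds two different failures into one branch. Since `n = avctx->channels * sample_size;`, a zero here means a bad sample size or channel count rather than a bad packet, so a separate early `if (n == 0)` with its own av_log message and return, placed directly after the assignment, would keep the original two lines unchanged and make the log say what is actually wrong. The spacing also differs between the two changed lines (`if((n == 0)||(` versus `if ((n == 0) || (`); pick one form consistent with the rest of the file.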
>
> av_get_bits_per_sample(avctx->codec_id) == 0
> could be checked in pcm_decode_init()
> that way failure would happen earlier instead of later failing for every
> packet


I have tried adding this check, but it seems the values change between
pcm_decode_init and pcm_decode_frame. I am unsure why.


