[FFmpeg-devel] [PATCH] check for mod by zero (issue 2502)

Michael Niedermayer michaelni
Fri Jan 7 15:24:05 CET 2011 

On Thu, Jan 06, 2011 at 10:13:51PM -0500, Daniel Kang wrote:
> On Thu, Jan 6, 2011 at 9:48 PM, Michael Niedermayer <michaelni at gmx.at>wrote:
> 
> >  On Thu, Jan 06, 2011 at 09:36:28PM -0500, Daniel Kang wrote:
> > > For PCM audio, ffmpeg does not check of the sample_size is zero before
> > > multiplying, then modding. This causes ffmpeg to crash with SIGPE for
> > > invalid sample_size. The patch attached adds a check for this.
> > >
> > > The roundup issue is 2502.
> >
> > >  pcm.c |    4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > 349f5361ba6f50e9e3f82445ab78f1d8e36c5165  pcm_sanity_check.diff
> > > From 474824a13fe578e241ce61e8bf4305e647eb8595 Mon Sep 17 00:00:00 2001
> > > From: Daniel Kang <daniel.d.kang at gmail.com>
> > > Date: Thu, 6 Jan 2011 21:03:27 -0500
> > > Subject: [PATCH] Add check for pcm files.
> > >
> > > ---
> > >  libavcodec/pcm.c |    4 ++--
> > >  1 files changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/libavcodec/pcm.c b/libavcodec/pcm.c
> > > index b6b49dc..992189f 100644
> > > --- a/libavcodec/pcm.c
> > > +++ b/libavcodec/pcm.c
> > > @@ -294,8 +294,8 @@ static int pcm_decode_frame(AVCodecContext *avctx,
> > >
> > >      n = avctx->channels * sample_size;
> > >
> > > -    if(n && buf_size % n){
> > > -        if (buf_size < n) {
> > > +    if((n == 0)||(n && buf_size % n)){
> > > +        if ((n == 0) || (buf_size < n)) {
> > >              av_log(avctx, AV_LOG_ERROR, "invalid PCM packet\n");
> > >              return -1;
> >
> > av_get_bits_per_sample(avctx->codec_id) == 0
> > could be checked in pcm_decode_init()
> > that way failure would happen earlier instead of later failing for every
> > packet
> 
> 
> I have tried adding this check, but it seems the values change between
> pcm_decode_init and pcm_decode_frame. I am unsure why.

codec_id changes ?
what is it before and what afterwards?

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20110107/74a092a6/attachment.pgp>

More information about the ffmpeg-devel mailing list