[FFmpeg-devel] [PATCH 6/9] nistspheredec: prevent overflow during block alignment calculation

Ronald S. Bultje rsbultje at gmail.com
Sat Jan 7 00:37:05 EET 2017


Hi,

On Fri, Jan 6, 2017 at 5:30 PM, Andreas Cadhalpun <
andreas.cadhalpun at googlemail.com> wrote:

> On 06.01.2017 22:30, Ronald S. Bultje wrote:
> > On Fri, Jan 6, 2017 at 2:48 PM, Andreas Cadhalpun <
> > andreas.cadhalpun at googlemail.com> wrote:
> >
> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >> ---
> >>  libavformat/nistspheredec.c | 1 +
> >>  1 file changed, 1 insertion(+)
> >>
> >> diff --git a/libavformat/nistspheredec.c b/libavformat/nistspheredec.c
> >> index 782d1dfbfb..9023ed7fc7 100644
> >> --- a/libavformat/nistspheredec.c
> >> +++ b/libavformat/nistspheredec.c
> >> @@ -80,6 +80,7 @@ static int nist_read_header(AVFormatContext *s)
> >>
> >>              avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
> >>
> >> +            FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels &&
> >> st->codecpar->bits_per_coded_sample > INT_MAX / st->codecpar->channels)
> >
> >
> > Same comment as the other one, the channels == 0 isn't a valid case that
> we
> > want to special case, probably check that it's not zero separately.
>
> Here I disagree: This is only the demuxer, that doesn't need to know
> the number of channels, which can be set later by the decoder.
> (For example the shorten decoder does this.)


Hm ... I don't like how we're adding special-case code for hypothetical
cases that can only come from entirely broken muxers or fuzzers. I'll leave
it to others to break the tie.

Ronald


More information about the ffmpeg-devel mailing list