[FFmpeg-devel] [PATCH 4/9] genh: prevent overflow during block alignment calculation

Michael Niedermayer michael at niedermayer.cc
Sat Jan 7 03:43:27 EET 2017


On Fri, Jan 06, 2017 at 08:48:02PM +0100, Andreas Cadhalpun wrote:
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavformat/genh.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/libavformat/genh.c b/libavformat/genh.c
> index b683e026d1..6ce2588ed3 100644
> --- a/libavformat/genh.c
> +++ b/libavformat/genh.c
> @@ -74,6 +74,7 @@ static int genh_read_header(AVFormatContext *s)
>      case  0: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_PSX;        break;
>      case  1:
>      case 11: st->codecpar->bits_per_coded_sample = 4;
> +             FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels > INT_MAX / 36)
>               st->codecpar->block_align = 36 * st->codecpar->channels;
>               st->codecpar->codec_id = AV_CODEC_ID_ADPCM_IMA_WAV;    break;
>      case  2: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_DTK;        break;
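
Review bot: the check added in case 11 bounds channels only from above (channels > INT_MAX / 36), so a zero or negative channel count still reaches "block_align = 36 * st->codecpar->channels" unless it is rejected earlier in genh_read_header(), outside the lines shown. Validating the channel count once, with a lower and an upper bound, at the point where it is read would cover this multiplication and any other use of channels, and would avoid repeating the constant 36 in both the check and the assignment. The macro invocation also lacks a trailing semicolon, unlike the statements around it; adding one would keep the line consistent if the macro's expansion allows it.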

I see a channels * 1024 in genh_read_packet().
Is the added check sufficient?

Also, I think we should ask for a sample for a file that has a
channel count beyond normal bounds.


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

You can kill me, but you cannot change the truth.