ffmpeg | branch: release/3.0 | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Thu Oct 20 20:13:54 2016 +0200| [e8ab2bd2ac85ad0b1013f247d35032b7cd7f771e] | committer: Andreas Cadhalpun
dcstr: fix division by zero Also check for possible overflows. Reviewed-by: Michael Niedermayer <mich...@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> (cherry picked from commit b0a043f51b8cc3b420dc3ceaa38fe9aa344799aa) Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e8ab2bd2ac85ad0b1013f247d35032b7cd7f771e --- libavformat/dcstr.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c index 2ae61de..e9714e5 100644 --- a/libavformat/dcstr.c +++ b/libavformat/dcstr.c @@ -33,6 +33,7 @@ static int dcstr_probe(AVProbeData *p) static int dcstr_read_header(AVFormatContext *s) { unsigned codec, align; + int mult; AVStream *st; st = avformat_new_stream(s, NULL); @@ -46,7 +47,12 @@ static int dcstr_read_header(AVFormatContext *s) align = avio_rl32(s->pb); avio_skip(s->pb, 4); st->duration = avio_rl32(s->pb); - st->codec->channels *= avio_rl32(s->pb); + mult = avio_rl32(s->pb); + if (st->codec->channels <= 0 || mult <= 0 || mult > INT_MAX / st->codec->channels) { + av_log(s, AV_LOG_ERROR, "invalid number of channels %d x %d\n", st->codec->channels, mult); + return AVERROR_INVALIDDATA; + } + st->codec->channels *= mult; if (!align || align > INT_MAX / st->codec->channels) return AVERROR_INVALIDDATA; st->codec->block_align = align * st->codec->channels; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
