[FFmpeg-cvslog] mov: prevent overflow during bit rate calculation

Wed, 14 Dec 2016 16:28:50 -0800 

ffmpeg | branch: master | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> 
| Wed Dec 14 01:53:23 2016 +0100| [076c3a9fa23ca2b0dd167a087ab1e4fb4357a31b] | 
committer: Andreas Cadhalpun

mov: prevent overflow during bit rate calculation

Reviewed-by: Michael Niedermayer <mich...@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=076c3a9fa23ca2b0dd167a087ab1e4fb4357a31b
---

 libavformat/mov.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 6c8affc..fc0b25c 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5887,8 +5887,15 @@ static int mov_read_header(AVFormatContext *s)
         for (i = 0; i < s->nb_streams; i++) {
             AVStream *st = s->streams[i];
             MOVStreamContext *sc = st->priv_data;
-            if (st->duration > 0)
+            if (st->duration > 0) {
+                if (sc->data_size > INT64_MAX / sc->time_scale / 8) {
+                    av_log(s, AV_LOG_ERROR, "Overflow during bit rate 
calculation %"PRId64" * 8 * %d\n",
+                           sc->data_size, sc->time_scale);
+                    mov_read_close(s);
+                    return AVERROR_INVALIDDATA;
+                }
                 st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / 
st->duration;
+            }
         }
     }
 
@@ -5897,6 +5904,12 @@ static int mov_read_header(AVFormatContext *s)
             AVStream *st = s->streams[i];
             MOVStreamContext *sc = st->priv_data;
             if (sc->duration_for_fps > 0) {
+                if (sc->data_size > INT64_MAX / sc->time_scale / 8) {
+                    av_log(s, AV_LOG_ERROR, "Overflow during bit rate 
calculation %"PRId64" * 8 * %d\n",
+                           sc->data_size, sc->time_scale);
+                    mov_read_close(s);
+                    return AVERROR_INVALIDDATA;
+                }
                 st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale /
                     sc->duration_for_fps;
             }

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

Reply via email to