On Sat, 25 Apr 2020 13:15:25 +0200
"Michael Niedermayer" <mich...@niedermayer.cc> wrote:
> > +static int pp_bnk_probe(const AVProbeData *p)
> > +{
> > + uint32_t sample_rate = AV_RL32(p->buf + 4);
> > + uint32_t track_count = AV_RL32(p->buf + 12);
> > + uint32_t flags = AV_RL32(p->buf + 16);
> > +
> > + if (track_count == 0 || sample_rate == 0)
> > + return 0;
>
> the header code checks these also for INT_MAX
>
>
See below I check both track_count and sample_rate for sane upper
limits. Is it worth adding an INT_MAX check too?
/* These limits are based on analysing the game files. */
if (track_count > 113)
return 10;
if ((sample_rate != 5512) && (sample_rate != 11025) &&
(sample_rate != 22050) && (sample_rate != 44100))
return 10;
> > +
> > + /* Sometimes we have the first track header, so check that
> > too. */
> > + if (p->buf_size >= 32 && AV_RL32(p->buf + 28) != sample_rate)
> > + return 0;
>
> are files with 32 or less bytes valid ?
> If not its probably better to not recognize such small pieces
>
A file needs at least one track and the first track header is
immediately after the file header, so I guess the minimum valid size
would be 40 (assuming an empty track).
Would removing the "p->buf_size >= 32" check be alright?
Zane
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
