On Mon, Oct 17, 2016 at 04:17:35PM +0200, Andreas Cadhalpun wrote: > On 17.10.2016 05:43, Michael Niedermayer wrote: > > On Sun, Oct 16, 2016 at 10:38:42PM +0200, Andreas Cadhalpun wrote: > >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > >> --- > >> libavformat/aiffdec.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c > >> index cd916f9..de82787 100644 > >> --- a/libavformat/aiffdec.c > >> +++ b/libavformat/aiffdec.c > >> @@ -380,7 +380,7 @@ static int aiff_read_packet(AVFormatContext *s, > >> size = st->codecpar->block_align; > >> break; > >> default: > >> - size = (MAX_SIZE / st->codecpar->block_align) * > >> st->codecpar->block_align; > >> + size = st->codecpar->block_align ? (MAX_SIZE / > >> st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE; > > > > how do you reach block_align == 0 ? > > aiff_read_header() checks for block_align == 0 > > I'm not aware of a way to reproduce this with the ffmpeg binary, however > an API user (e.g. my fuzz-testing-program) can change codecpar->codec_type > and codecpar->codec_id to force decoding a stream with a particular codec. > > However, avcodec_parameters_from_context sets codecpar->block_align to 0 > for AVMEDIA_TYPE_VIDEO thus causing the subsequent crash.
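Review bot: the new ternary in the `default:` branch guards the division by `st->codecpar->block_align`, but the case just above it still assigns `size = st->codecpar->block_align;` unguarded, so the same zero value leaves `size` at 0 on that path; it would be cleaner to handle a zero block_align once, before the switch, so both branches are covered. Because aiff_read_header() already rejects block_align == 0, the check looks redundant to a later reader; a one-line comment saying the value can only be zero when an API user has changed codecpar after the header was read would explain it. Falling back to MAX_SIZE also keeps demuxing with parameters the header code never validated, so returning an error such as AVERROR_INVALIDDATA when block_align is 0 may be the more conservative choice.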
hmm, patch is probably ok then

thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Concerning the gods, I have no means of knowing whether they exist or not
or of what sort they may be, because of the obscurity of the subject, and
the brevity of human life -- Protagoras
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel