On 17.10.2016 17:13, Michael Niedermayer wrote: > On Mon, Oct 17, 2016 at 04:17:35PM +0200, Andreas Cadhalpun wrote: >> On 17.10.2016 05:43, Michael Niedermayer wrote: >>> On Sun, Oct 16, 2016 at 10:38:42PM +0200, Andreas Cadhalpun wrote: >>>> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >>>> --- >>>> libavformat/aiffdec.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c >>>> index cd916f9..de82787 100644 >>>> --- a/libavformat/aiffdec.c >>>> +++ b/libavformat/aiffdec.c >>>> @@ -380,7 +380,7 @@ static int aiff_read_packet(AVFormatContext *s, >>>> size = st->codecpar->block_align; >>>> break; >>>> default: >>>> - size = (MAX_SIZE / st->codecpar->block_align) * >>>> st->codecpar->block_align; >>>> + size = st->codecpar->block_align ? (MAX_SIZE / >>>> st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE; >>> >>> how do you reach block_align == 0 ? >>> aiff_read_header() checks for block_align == 0 >> >> I'm not aware of a way to reproduce this with the ffmpeg binary, however >> an API user (e.g. my fuzz-testing-program) can change codecpar->codec_type >> and codecpar->codec_id to force decoding a stream with a particular codec. >> >> However, avcodec_parameters_from_context sets codecpar->block_align to 0 >> for AVMEDIA_TYPE_VIDEO thus causing the subsequent crash. > > hmm, patch is probably ok then
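Review bot: In the default branch of aiff_read_packet the ternary silently falls back to MAX_SIZE when st->codecpar->block_align is 0, while the case directly above still assigns size = st->codecpar->block_align unguarded, so size becomes 0 on that path. Consider checking block_align once before the switch and returning an error such as AVERROR_INVALIDDATA, which covers both branches and does not mask an inconsistent codecpar. A short comment would also help, noting that aiff_read_header() already rejects block_align == 0 and that this check guards against an API user changing codecpar afterwards, since the reason is otherwise not visible at this point in the code.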
Pushed. What about the similar patches for astdec and westwood_aud?

Best regards,
Andreas