On 17.10.2016 20:11, Michael Niedermayer wrote: > On Mon, Oct 17, 2016 at 06:27:29PM +0200, Andreas Cadhalpun wrote: >> On 17.10.2016 17:13, Michael Niedermayer wrote: >>> On Mon, Oct 17, 2016 at 04:17:35PM +0200, Andreas Cadhalpun wrote: >>>> On 17.10.2016 05:43, Michael Niedermayer wrote: >>>>> On Sun, Oct 16, 2016 at 10:38:42PM +0200, Andreas Cadhalpun wrote: >>>>>> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >>>>>> --- >>>>>> libavformat/aiffdec.c | 2 +- >>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>>> >>>>>> diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c >>>>>> index cd916f9..de82787 100644 >>>>>> --- a/libavformat/aiffdec.c >>>>>> +++ b/libavformat/aiffdec.c >>>>>> @@ -380,7 +380,7 @@ static int aiff_read_packet(AVFormatContext *s, >>>>>> size = st->codecpar->block_align; >>>>>> break; >>>>>> default: >>>>>> - size = (MAX_SIZE / st->codecpar->block_align) * >>>>>> st->codecpar->block_align; >>>>>> + size = st->codecpar->block_align ? (MAX_SIZE / >>>>>> st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE; >>>>> >>>>> how do you reach block_align == 0 ? >>>>> aiff_read_header() checks for block_align == 0 >>>> >>>> I'm not aware of a way to reproduce this with the ffmpeg binary, however >>>> an API user (e.g. my fuzz-testing-program) can change codecpar->codec_type >>>> and codecpar->codec_id to force decoding a stream with a particular codec. >>>> >>>> However, avcodec_parameters_from_context sets codecpar->block_align to 0 >>>> for AVMEDIA_TYPE_VIDEO thus causing the subsequent crash. >>> >>> hmm, patch is probably ok then >> >> Pushed. >> >> What about the similar patches for astdec and westwood_aud? > > probably ok too
Thanks, pushed both. Best regards, Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
