On Wed, Oct 19, 2016 at 10:41:22PM +0200, Andreas Cadhalpun wrote: > Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > --- > libavformat/dcstr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c > index 69fae41..d5d2281 100644 > --- a/libavformat/dcstr.c > +++ b/libavformat/dcstr.c > @@ -47,7 +47,7 @@ static int dcstr_read_header(AVFormatContext *s) > avio_skip(s->pb, 4); > st->duration = avio_rl32(s->pb);
> st->codecpar->channels *= avio_rl32(s->pb); This here can overflow and needs a check > - if (!align || align > INT_MAX / st->codecpar->channels) > + if (!align || !st->codecpar->channels || align > INT_MAX / > st->codecpar->channels) > return AVERROR_INVALIDDATA; might need a <0 check too should be ok otherwise [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Those who are too smart to engage in politics are punished by being governed by those who are dumber. -- Plato
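Review bot: The added `!st->codecpar->channels` test on the changed `if` line only prevents the division by zero in `INT_MAX / st->codecpar->channels`; it does not cover a negative channel count. The context line `st->codecpar->channels *= avio_rl32(s->pb);` multiplies by a 32-bit value read from the file with no range check, so by the time the `if` runs the product may already have wrapped or gone negative, and dividing `INT_MAX` by a negative value makes the `align >` bound meaningless. Suggest testing `st->codecpar->channels <= 0` instead of `!st->codecpar->channels`, and range-checking both factors before the multiplication so the stored channel count is known to be a small positive number before it is used as a divisor.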
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel