On Thu, Oct 20, 2016 at 08:19:00PM +0200, Andreas Cadhalpun wrote: > On 20.10.2016 02:59, Michael Niedermayer wrote: > > On Wed, Oct 19, 2016 at 10:41:22PM +0200, Andreas Cadhalpun wrote: > >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > >> --- > >> libavformat/dcstr.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c > >> index 69fae41..d5d2281 100644 > >> --- a/libavformat/dcstr.c > >> +++ b/libavformat/dcstr.c > >> @@ -47,7 +47,7 @@ static int dcstr_read_header(AVFormatContext *s) > >> avio_skip(s->pb, 4); > >> st->duration = avio_rl32(s->pb); > > > >> st->codecpar->channels *= avio_rl32(s->pb); > > > > This here can overflow and needs a check > > Yes. > > > > >> - if (!align || align > INT_MAX / st->codecpar->channels) > >> + if (!align || !st->codecpar->channels || align > INT_MAX / > >> st->codecpar->channels) > >> return AVERROR_INVALIDDATA; > > > > might need a <0 check too should be ok otherwise > > OK. New patch attached. > > Best regards, > Andreas >
> dcstr.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > 365ebc3a050fcccc6754a981340e0a8df5dbf781 > 0001-dcstr-fix-division-by-zero.patch > From 656f4ea3f664417197a622dcf80284e890caa849 Mon Sep 17 00:00:00 2001 > From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > Date: Thu, 20 Oct 2016 20:13:54 +0200 > Subject: [PATCH] dcstr: fix division by zero > > Also check for possible overflows. > > Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > --- > libavformat/dcstr.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) LGTM thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The greatest way to live with honor in this world is to be what we pretend to be. -- Socrates
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel