On 01.01.2017 23:23, Ronald S. Bultje wrote:
> On Sun, Jan 1, 2017 at 5:19 PM, Andreas Cadhalpun <andreas.cadhal...@googlemail.com> wrote:
> 
>     The problem was introduced by commit
>     3deb4b54a24f8cddce463d9f5751b01efeb976af.
> 
>     Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
>     ---
>      libavcodec/wmavoice.c | 2 +-
>      1 file changed, 1 insertion(+), 1 deletion(-)
> 
>     diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
>     index 1bfad46b2e..279b44dc12 100644
>     --- a/libavcodec/wmavoice.c
>     +++ b/libavcodec/wmavoice.c
>     @@ -1908,7 +1908,7 @@ static int wmavoice_decode_packet(AVCodecContext 
> *ctx, void *data,
>          /* size == ctx->block_align is used to indicate whether we are 
> dealing with
>           * a new packet or a packet of which we already read the packet 
> header
>           * previously. */
>     -    if (!(size % ctx->block_align)) { // new packet header
>     +    if (ctx->block_align && !(size % ctx->block_align)) { // new packet 
> header
>              if (!size) {
>                  s->spillover_nbits = 0;
>                  s->nb_superframes = 0;
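
Review bot: the guard added at `if (ctx->block_align && !(size % ctx->block_align))` avoids the modulo by zero but lets decoding carry on with block_align == 0: the condition just becomes false, so the new-packet-header branch is skipped rather than the input being rejected. A negative block_align also passes this test. Rejecting the value once, before any packet is decoded, would keep the per-packet path free of the check and turn the bad value into an explicit error.
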
>     --
>     2.11.0
> 
> 
> nak.
> 
> The init routine should error out if block_align is zero.
> The codec can not operate without block_align set.

Fine for me. Patch doing that is attached.

Best regards,
Andreas

From caec0e9f57ddc2373d3e2cb56ed1e6c3ce0df166 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
Date: Sun, 1 Jan 2017 22:48:38 +0100
Subject: [PATCH] wmavoice: validate block alignment

This prevents a division by zero crash in wmavoice_decode_packet.

The problem was introduced by commit
3deb4b54a24f8cddce463d9f5751b01efeb976af.

Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavcodec/wmavoice.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
index 1bfad46b2e..080ec86b53 100644
--- a/libavcodec/wmavoice.c
+++ b/libavcodec/wmavoice.c
@@ -388,6 +388,11 @@ static av_cold int wmavoice_decode_init(AVCodecContext *ctx)
                ctx->extradata_size);
         return AVERROR_INVALIDDATA;
     }
+    if (ctx->block_align <= 0) {
+        av_log(ctx, AV_LOG_ERROR, "Invalid block alignment %d.\n", ctx->block_align);
+        return AVERROR_INVALIDDATA;
+    }
+
     flags                = AV_RL32(ctx->extradata + 18);
     s->spillover_bitsize = 3 + av_ceil_log2(ctx->block_align);
     s->do_apf            =    flags & 0x1;
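
Review bot: the added `if (ctx->block_align <= 0)` check rejects negative values as well as zero, but the commit message only mentions the division by zero in wmavoice_decode_packet; a sentence saying that negative alignments are refused too would match the code. The placement ahead of `av_ceil_log2(ctx->block_align)` is right, since that is the first use of the field in the visible context. Style: the av_log line runs past 80 columns and could be wrapped after the format string.
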
-- 
2.11.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel