On Fri, Jan 06, 2017 at 08:48:02PM +0100, Andreas Cadhalpun wrote: > Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > --- > libavformat/genh.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libavformat/genh.c b/libavformat/genh.c > index b683e026d1..6ce2588ed3 100644 > --- a/libavformat/genh.c > +++ b/libavformat/genh.c > @@ -74,6 +74,7 @@ static int genh_read_header(AVFormatContext *s) > case 0: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_PSX; break; > case 1: > case 11: st->codecpar->bits_per_coded_sample = 4; > + FF_RETURN_ON_OVERFLOW(s, st->codecpar->channels > INT_MAX / 36) > st->codecpar->block_align = 36 * st->codecpar->channels; > st->codecpar->codec_id = AV_CODEC_ID_ADPCM_IMA_WAV; break; > case 2: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_DTK; break;
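Review bot: the FF_RETURN_ON_OVERFLOW check added under case 1 / case 11 bounds only the 36 * st->codecpar->channels product used for block_align, so every other arm of this switch, and any later arithmetic on channels, still sees an unbounded count. Rejecting an out-of-range channel count once, at the point where it is read from the header, would cover all uses instead of this one multiplication. The comparison channels > INT_MAX / 36 also rejects only large positive values, so a zero or negative count passes this line unless it is rejected earlier, outside the visible context. The macro invocation has no trailing semicolon, unlike the statements around it; it is worth confirming the macro expands to a complete statement, or adding the semicolon for consistency.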
I see a channels * 1024 in genh_read_packet();
is the added check sufficient?

Also, I think we should ask for a sample for a file that has a channel count
beyond normal bounds.

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

You can kill me, but you cannot change the truth.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel