On 07.01.2017 02:31, Michael Niedermayer wrote: > On Fri, Jan 06, 2017 at 09:27:29PM +0100, Andreas Cadhalpun wrote: >> 4xm.c | 1 + >> 1 file changed, 1 insertion(+) >> 4b27cb10f25865014fac1666956f7040d65113f9 >> 0002-4xm-prevent-overflow-during-block-alignment-calculat.patch >> From 861b62eec30feaa56b10eec7ba4029daf48a3c28 Mon Sep 17 00:00:00 2001 >> From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >> Date: Thu, 15 Dec 2016 02:14:31 +0100 >> Subject: [PATCH 2/9] 4xm: prevent overflow during block alignment calculation >> >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> >> --- >> libavformat/4xm.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/libavformat/4xm.c b/libavformat/4xm.c >> index 2758b69d29..58729fed0d 100644 >> --- a/libavformat/4xm.c >> +++ b/libavformat/4xm.c >> @@ -187,6 +187,7 @@ static int parse_strk(AVFormatContext *s, >> st->codecpar->bit_rate = (int64_t)st->codecpar->channels * >> st->codecpar->sample_rate * >> >> st->codecpar->bits_per_coded_sample; >> + FF_RETURN_ON_OVERFLOW(s, st->codecpar->bits_per_coded_sample > INT_MAX >> / st->codecpar->channels) >> st->codecpar->block_align = st->codecpar->channels * >> >> st->codecpar->bits_per_coded_sample; > > i think we should check channels for > 8 or something and ask for a > sample and check bits_per_coded_sample against what maximal sensible > value of bits a sample and ask for a sample if above
Actually avcodec_open2 already errors out if channels is larger than FF_SANE_NB_CHANNELS = 64. That check can already be done in the demuxer. Then defining INT_MAX / 64 as maximal sensible value of bits_per_coded_sample eliminates the need for FF_RETURN_ON_OVERFLOW checks. I'll send an updated patch series. Best regards, Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
