[FFmpeg-devel] [PATCH] asfdec: division by 0 on missing packet size
Baptiste Coudurier
baptiste.coudurier
Mon Jul 6 18:57:34 CEST 2009
On 7/6/2009 7:50 AM, Michael Niedermayer wrote:
> On Fri, Jul 03, 2009 at 01:24:16PM +0200, Reimar Döffinger wrote:
>> On Thu, Jul 02, 2009 at 09:26:51PM +0200, Michael Niedermayer wrote:
>>>> @@ -629,6 +632,7 @@
>>>> DO_2BITS(asf->packet_flags >> 1, padsize, 0); // sequence ignored
>>>> DO_2BITS(asf->packet_flags >> 3, padsize, 0); // padding length
>>>>
>>>> + if (!packet_length) packet_length = 16451;
>>>> //the following checks prevent overflows and infinite loops
>>>> if(packet_length >= (1U<<29)){
>>>> av_log(s, AV_LOG_ERROR, "invalid packet_length %d at:%"PRId64"\n", packet_length, url_ftell(pb));
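Review bot: the added line `if (!packet_length) packet_length = 16451;` silently replaces a zero length with an unexplained constant, so a header with no usable packet size is parsed as if it were valid. Handle zero the way the check directly below handles oversized values (av_log at AV_LOG_ERROR plus an error return), or, if a fallback really is intended, give 16451 a named constant and a comment saying where the value comes from.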
>>> ehm
>>> an error message and return -1 seems a saner solution
>> This was just meant to demonstrate how I verified that patch to be
>> working without having a file that does not use packet_size.
>> I'd prefer to not check for this case at all, since I do not know 100%
>> sure that packet_length == 0 is invalid.
>> In addition, in most cases this is caught by the padsize >= packet_length
>> check anyway.
>> Correction: since it's >=, it will always be caught by this check, so
>
>> packet_length == 0 is already treated as invalid, do you want me to apply this:
>
> yes
FYI, Windows Media Player plays a few video frames and sound of this file
(smclockv7.wmv)
--
Baptiste COUDURIER GnuPG Key Id: 0x5C1ABAAA
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
FFmpeg maintainer http://www.ffmpeg.org
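
An added illustration, not part of the thread and not FFmpeg's code, of the point made in the quoted discussion: with unsigned fields, a `padsize >= packet_length` check rejects `packet_length == 0` for every padding value, so a later division by the length is safe. The function names, the status enum, the 32-bit unsigned field types and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; both fields are assumed to be unsigned 32-bit
 * values read from an untrusted packet header. */
enum hdr_status { HDR_OK = 0, HDR_TOO_LARGE = -1, HDR_BAD_PADDING = -2 };

static enum hdr_status check_packet_header(uint32_t packet_length, uint32_t padsize)
{
    /* Upper bound, as in the quoted hunk. */
    if (packet_length >= (1U << 29))
        return HDR_TOO_LARGE;
    /* Because the comparison is >= on unsigned values, packet_length == 0
     * fails here for every padsize, including padsize == 0. With a plain >
     * the pair (0, 0) would pass and reach the division below. */
    if (padsize >= packet_length)
        return HDR_BAD_PADDING;
    return HDR_OK;
}

/* Divides only after validation, so the divisor is at least 1.
 * Returns the number of whole packets in data_size bytes, or -1. */
static int64_t packets_in(uint64_t data_size, uint32_t packet_length, uint32_t padsize)
{
    if (check_packet_header(packet_length, padsize) != HDR_OK)
        return -1;
    return (int64_t)(data_size / packet_length);
}

int main(void)
{
    /* Constructed sample headers: {packet_length, padsize}. */
    static const uint32_t samples[][2] = {
        {0, 0}, {0, 7}, {3200, 0}, {3200, 3200}, {1U << 29, 0},
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%u pad=%u -> status %d, packets %lld\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               (int)check_packet_header(samples[i][0], samples[i][1]),
               (long long)packets_in(32000, samples[i][0], samples[i][1]));
    return 0;
}
```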