[FFmpeg-devel] [PATCH] avcodec/wavpack: check for overflow
Michael Niedermayer
michaelni at gmx.at
Sat Jun 15 22:13:08 CEST 2013
Fix integer overflow in fate
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
---
libavcodec/wavpack.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 47f598a..dd273f7 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -581,8 +581,14 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb,
L2 = L + ((s->decorr[i].weightA * (int64_t)A + 512) >> 10);
R2 = R + ((s->decorr[i].weightB * (int64_t)B + 512) >> 10);
} else {
- L2 = L + ((s->decorr[i].weightA * A + 512) >> 10);
- R2 = R + ((s->decorr[i].weightB * B + 512) >> 10);
+ int64_t Lt = s->decorr[i].weightA * (int64_t)A + 512;
+ int64_t Rt = s->decorr[i].weightB * (int64_t)B + 512;
+ if ((int32_t)Lt != Lt || (int32_t)Rt != Rt) {
+ av_log(s->avctx, AV_LOG_ERROR, "sample overflow %d %d\n", A, B);
+ return AVERROR_INVALIDDATA;
+ }
+ L2 = L + (Lt >> 10);
+ R2 = R + (Rt >> 10);
}
if (A && L)
s->decorr[i].weightA -= ((((L ^ A) >> 30) & 2) - 1) * s->decorr[i].delta;
--
1.7.9.5
More information about the ffmpeg-devel
mailing list