[FFmpeg-devel] [PATCH] dcstr: fix division by zero

Michael Niedermayer michael at niedermayer.cc
Fri Oct 21 02:37:12 EEST 2016 

On Thu, Oct 20, 2016 at 08:19:00PM +0200, Andreas Cadhalpun wrote:
> On 20.10.2016 02:59, Michael Niedermayer wrote:
> > On Wed, Oct 19, 2016 at 10:41:22PM +0200, Andreas Cadhalpun wrote:
> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >> ---
> >>  libavformat/dcstr.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c
> >> index 69fae41..d5d2281 100644
> >> --- a/libavformat/dcstr.c
> >> +++ b/libavformat/dcstr.c
> >> @@ -47,7 +47,7 @@ static int dcstr_read_header(AVFormatContext *s)
> >>      avio_skip(s->pb, 4);
> >>      st->duration           = avio_rl32(s->pb);
> > 
> >>      st->codecpar->channels   *= avio_rl32(s->pb);
> > 
> > This here can overflow and needs a check
> 
> Yes.
> 
> > 
> >> -    if (!align || align > INT_MAX / st->codecpar->channels)
> >> +    if (!align || !st->codecpar->channels || align > INT_MAX / st->codecpar->channels)
> >>          return AVERROR_INVALIDDATA;
> > 
> > might need a <0 check too should be ok otherwise
> 
> OK. New patch attached.
> 
> Best regards,
> Andreas
> 

>  dcstr.c |    8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 365ebc3a050fcccc6754a981340e0a8df5dbf781  0001-dcstr-fix-division-by-zero.patch
> From 656f4ea3f664417197a622dcf80284e890caa849 Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Thu, 20 Oct 2016 20:13:54 +0200
> Subject: [PATCH] dcstr: fix division by zero
> 
> Also check for possible overflows.
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavformat/dcstr.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)

LGTM

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The greatest way to live with honor in this world is to be what we pretend
to be. -- Socrates
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161021/0a8f06fb/attachment.sig>

More information about the ffmpeg-devel mailing list