| Message ID | 1379599756-27062-6-git-send-email-martin@martin.st |
|---|---|
| State | Committed |
| Headers | show |
On Thu, Sep 19, 2013 at 05:09:11PM +0300, Martin Storsjö wrote: > This avoids divisions by zero later. > > Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC: libav-stable@libav.org > --- > libavformat/segafilm.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c > index adf2475..ac9c873 100644 > --- a/libavformat/segafilm.c > +++ b/libavformat/segafilm.c > @@ -111,6 +111,10 @@ static int film_read_header(AVFormatContext *s) > return AVERROR(EIO); > film->audio_samplerate = AV_RB16(&scratch[24]); > film->audio_channels = scratch[21]; > + if (film->audio_channels == 0) { > + av_log(s, AV_LOG_ERROR, "Invalid number of channels\n"); > + return AVERROR_INVALIDDATA; > + } > film->audio_bits = scratch[22]; > if (scratch[23] == 2) > film->audio_type = AV_CODEC_ID_ADPCM_ADX; > -- why not check for too many channels too? LGTM though
On Thu, 19 Sep 2013, Kostya Shishkov wrote: > On Thu, Sep 19, 2013 at 05:09:11PM +0300, Martin Storsjö wrote: >> This avoids divisions by zero later. >> >> Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind >> CC: libav-stable@libav.org >> --- >> libavformat/segafilm.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c >> index adf2475..ac9c873 100644 >> --- a/libavformat/segafilm.c >> +++ b/libavformat/segafilm.c >> @@ -111,6 +111,10 @@ static int film_read_header(AVFormatContext *s) >> return AVERROR(EIO); >> film->audio_samplerate = AV_RB16(&scratch[24]); >> film->audio_channels = scratch[21]; >> + if (film->audio_channels == 0) { >> + av_log(s, AV_LOG_ERROR, "Invalid number of channels\n"); >> + return AVERROR_INVALIDDATA; >> + } >> film->audio_bits = scratch[22]; >> if (scratch[23] == 2) >> film->audio_type = AV_CODEC_ID_ADPCM_ADX; >> -- > > why not check for too many channels too? What would be a good limit here then - 42 here as well? // Martin
On Thu, Sep 19, 2013 at 06:38:45PM +0300, Martin Storsjö wrote: > On Thu, 19 Sep 2013, Kostya Shishkov wrote: > > >On Thu, Sep 19, 2013 at 05:09:11PM +0300, Martin Storsjö wrote: > >>This avoids divisions by zero later. > >> > >>Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > >>CC: libav-stable@libav.org > >>--- > >> libavformat/segafilm.c | 4 ++++ > >> 1 file changed, 4 insertions(+) > >> > >>diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c > >>index adf2475..ac9c873 100644 > >>--- a/libavformat/segafilm.c > >>+++ b/libavformat/segafilm.c > >>@@ -111,6 +111,10 @@ static int film_read_header(AVFormatContext *s) > >> return AVERROR(EIO); > >> film->audio_samplerate = AV_RB16(&scratch[24]); > >> film->audio_channels = scratch[21]; > >>+ if (film->audio_channels == 0) { > >>+ av_log(s, AV_LOG_ERROR, "Invalid number of channels\n"); > >>+ return AVERROR_INVALIDDATA; > >>+ } > >> film->audio_bits = scratch[22]; > >> if (scratch[23] == 2) > >> film->audio_type = AV_CODEC_ID_ADPCM_ADX; > >>-- > > > >why not check for too many channels too? > > What would be a good limit here then - 42 here as well? I'd expect 2
diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index adf2475..ac9c873 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -111,6 +111,10 @@ static int film_read_header(AVFormatContext *s) return AVERROR(EIO); film->audio_samplerate = AV_RB16(&scratch[24]); film->audio_channels = scratch[21]; + if (film->audio_channels == 0) { + av_log(s, AV_LOG_ERROR, "Invalid number of channels\n"); + return AVERROR_INVALIDDATA; + } film->audio_bits = scratch[22]; if (scratch[23] == 2) film->audio_type = AV_CODEC_ID_ADPCM_ADX;