[FFmpeg-cvslog] matroskadec: validate audio channels and bitdepth
Andreas Cadhalpun
git at videolan.org
Thu Aug 20 14:53:42 CEST 2015
ffmpeg | branch: release/2.4 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Mon Jun 15 21:06:51 2015 +0200| [933ae708c5fca9e65dde3abf8927e10498bdee55] | committer: Michael Niedermayer
matroskadec: validate audio channels and bitdepth
In the TTA extradata re-construction the values are written with
avio_wl16 and if they don't fit into uint16_t, this triggers an
av_assert2 in avio_w8.
Reviewed-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 92e79a2f7bf2f8bb0cb2d1a3e4d76737557071c4)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=933ae708c5fca9e65dde3abf8927e10498bdee55
---
libavformat/matroskadec.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 21b0002..d14ad2d 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1797,6 +1797,18 @@ static int matroska_parse_tracks(AVFormatContext *s)
NULL, NULL, NULL, NULL);
avio_write(&b, "TTA1", 4);
avio_wl16(&b, 1);
+ if (track->audio.channels > UINT16_MAX ||
+ track->audio.bitdepth > UINT16_MAX) {
+ av_log(matroska->ctx, AV_LOG_WARNING,
+ "Too large audio channel number %"PRIu64
+ " or bitdepth %"PRIu64". Skipping track.\n",
+ track->audio.channels, track->audio.bitdepth);
+ av_freep(&extradata);
+ if (matroska->ctx->error_recognition & AV_EF_EXPLODE)
+ return AVERROR_INVALIDDATA;
+ else
+ continue;
+ }
avio_wl16(&b, track->audio.channels);
avio_wl16(&b, track->audio.bitdepth);
if (track->audio.out_samplerate < 0 || track->audio.out_samplerate > INT_MAX)
More information about the ffmpeg-cvslog
mailing list