[FFmpeg-cvslog] matroskadec: validate audio channels and bitdepth
Andreas Cadhalpun
git at videolan.org
Tue Jul 28 03:21:33 CEST 2015
ffmpeg | branch: release/2.5 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Mon Jun 15 21:06:51 2015 +0200| [5464da89056698856d919585256bb422558eb554] | committer: Michael Niedermayer
matroskadec: validate audio channels and bitdepth
In the TTA extradata re-construction the values are written with
avio_wl16 and if they don't fit into uint16_t, this triggers an
av_assert2 in avio_w8.
Reviewed-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 92e79a2f7bf2f8bb0cb2d1a3e4d76737557071c4)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5464da89056698856d919585256bb422558eb554
---
libavformat/matroskadec.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 0bfa9dc..0654b31 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1799,6 +1799,18 @@ static int matroska_parse_tracks(AVFormatContext *s)
NULL, NULL, NULL, NULL);
avio_write(&b, "TTA1", 4);
avio_wl16(&b, 1);
+ if (track->audio.channels > UINT16_MAX ||
+ track->audio.bitdepth > UINT16_MAX) {
+ av_log(matroska->ctx, AV_LOG_WARNING,
+ "Too large audio channel number %"PRIu64
+ " or bitdepth %"PRIu64". Skipping track.\n",
+ track->audio.channels, track->audio.bitdepth);
+ av_freep(&extradata);
+ if (matroska->ctx->error_recognition & AV_EF_EXPLODE)
+ return AVERROR_INVALIDDATA;
+ else
+ continue;
+ }
avio_wl16(&b, track->audio.channels);
avio_wl16(&b, track->audio.bitdepth);
if (track->audio.out_samplerate < 0 || track->audio.out_samplerate > INT_MAX)
More information about the ffmpeg-cvslog
mailing list