[FFmpeg-cvslog] avcodec/wavpack: Check L/ R values before use to avoid harmless integer overflow and undefined behavior in fate
Michael Niedermayer
git at videolan.org
Tue Jun 2 00:50:17 CEST 2015
ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Sun May 3 15:54:21 2015 +0200| [3126d6ee02ccdde1beb66ea9e65af5b392117ca6] | committer: Michael Niedermayer
avcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and undefined behavior in fate
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 042260cde4ecf716438c5fc92d15ad5f037ee2e1)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3126d6ee02ccdde1beb66ea9e65af5b392117ca6
---
libavcodec/wavpack.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 1ad3901..b51a21c 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -472,6 +472,14 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb,
s->decorr[i].samplesB[0] = L;
}
}
+
+ if (type == AV_SAMPLE_FMT_S16P) {
+ if (FFABS(L) + FFABS(R) > (1<<19)) {
+ av_log(s->avctx, AV_LOG_ERROR, "sample %d %d too large\n", L, R);
+ return AVERROR_INVALIDDATA;
+ }
+ }
+
pos = (pos + 1) & 7;
if (s->joint)
L += (R -= (L >> 1));
More information about the ffmpeg-cvslog
mailing list