[FFmpeg-cvslog] avcodec/wavpack: Check L/ R values before use to avoid harmless integer overflow and undefined behavior in fate

Michael Niedermayer git at videolan.org
Tue Jun 2 00:50:17 CEST 2015


ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Sun May  3 15:54:21 2015 +0200| [3126d6ee02ccdde1beb66ea9e65af5b392117ca6] | committer: Michael Niedermayer

avcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and undefined behavior in fate

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 042260cde4ecf716438c5fc92d15ad5f037ee2e1)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3126d6ee02ccdde1beb66ea9e65af5b392117ca6
---

 libavcodec/wavpack.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 1ad3901..b51a21c 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -472,6 +472,14 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb,
                 s->decorr[i].samplesB[0] = L;
             }
         }
+
+        if (type == AV_SAMPLE_FMT_S16P) {
+            if (FFABS(L) + FFABS(R) > (1<<19)) {
+                av_log(s->avctx, AV_LOG_ERROR, "sample %d %d too large\n", L, R);
+                return AVERROR_INVALIDDATA;
+            }
+        }
+
         pos = (pos + 1) & 7;
         if (s->joint)
             L += (R -= (L >> 1));



More information about the ffmpeg-cvslog mailing list