[FFmpeg-cvslog] cafdec: prevent overflow during bit rate calculation
Andreas Cadhalpun
git at videolan.org
Thu Dec 15 02:27:54 EET 2016
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed Dec 14 01:53:19 2016 +0100| [baba9c6aef88727bb0182631dc67744d36cadea4] | committer: Andreas Cadhalpun
cafdec: prevent overflow during bit rate calculation
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=baba9c6aef88727bb0182631dc67744d36cadea4
---
libavformat/cafdec.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index 1c4ca40..0e6179a 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -323,8 +323,13 @@ static int read_header(AVFormatContext *s)
if (caf->data_size > 0)
st->nb_frames = (caf->data_size / caf->bytes_per_packet) * caf->frames_per_packet;
} else if (st->nb_index_entries && st->duration > 0) {
- st->codecpar->bit_rate = st->codecpar->sample_rate * caf->data_size * 8 /
- st->duration;
+ if (st->codecpar->sample_rate && caf->data_size / st->duration > INT64_MAX / st->codecpar->sample_rate / 8) {
+ av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %d * 8 * %"PRId64"\n",
+ st->codecpar->sample_rate, caf->data_size / st->duration);
+ return AVERROR_INVALIDDATA;
+ }
+ st->codecpar->bit_rate = st->codecpar->sample_rate * 8LL *
+ (caf->data_size / st->duration);
} else {
av_log(s, AV_LOG_ERROR, "Missing packet table. It is required when "
"block size or frame size are variable.\n");
More information about the ffmpeg-cvslog
mailing list