[FFmpeg-devel] [PATCH] asfdec: division by 0 on missing packet size

Michael Niedermayer michaelni
Mon Jul 6 16:50:02 CEST 2009


On Fri, Jul 03, 2009 at 01:24:16PM +0200, Reimar Döffinger wrote:
> On Thu, Jul 02, 2009 at 09:26:51PM +0200, Michael Niedermayer wrote:
> > > @@ -629,6 +632,7 @@
> > >      DO_2BITS(asf->packet_flags >> 1, padsize, 0); // sequence ignored
> > >      DO_2BITS(asf->packet_flags >> 3, padsize, 0); // padding length
> > >  
> > > +    if (!packet_length) packet_length = 16451;
> > >      //the following checks prevent overflows and infinite loops
> > >      if(packet_length >= (1U<<29)){
> > >          av_log(s, AV_LOG_ERROR, "invalid packet_length %d at:%"PRId64"\n", packet_length, url_ftell(pb));
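
Review bot: The added line `if (!packet_length) packet_length = 16451;` silently replaces a zero packet_length with an unexplained constant, and it does so just ahead of the checks that the next comment says prevent overflows and infinite loops, so a malformed header is masked instead of rejected. If zero is invalid here, handle it like the `packet_length >= (1U<<29)` case directly below, with an av_log error and an error return. If the substitution is kept for any reason, it needs a comment saying where 16451 comes from and why a missing size should be accepted.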
> > 
> > ehm
> > an error message and return -1 seems a saner solution
> 
> This was just meant to demonstrate how I verified that patch to be
> working without having a file that does not use packet_size.
> I'd prefer to not check for this case at all, since I do not know 100%
> sure that packet_length == 0 is invalid.
> In addition, in most cases this is caught by the padsize >= packet_length
> check anyway.
> Correction: since it's >=, it will always be caught by this check, so

> packet_length == 0 is already treated as invalid, do you want me to apply this:

yes

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Concerning the gods, I have no means of knowing whether they exist or not
or of what sort they may be, because of the obscurity of the subject, and
the brevity of human life -- Protagoras