[FFmpeg-devel] [PATCH] lavf/mp3enc: make sure the header is valid before writing audio pkt.

Clément Bœsch ubitux at gmail.com
Fri Nov 16 09:24:47 CET 2012


From: Clément Bœsch <clement.boesch at smartjog.com>

An invalid header can lead avpriv_mpegaudio_decode_header() to overread
and/or div by zero.
---
Should we write the packet anyway instead of dropping it completely?
---
 libavformat/mp3enc.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/mp3enc.c b/libavformat/mp3enc.c
index 044eb29..4723a04 100644
--- a/libavformat/mp3enc.c
+++ b/libavformat/mp3enc.c
@@ -262,8 +262,11 @@ static int mp3_write_audio_packet(AVFormatContext *s, AVPacket *pkt)
     if (pkt->data && pkt->size >= 4) {
         MPADecodeHeader c;
         int av_unused base;
+        uint32_t head = AV_RB32(pkt->data);
 
-        avpriv_mpegaudio_decode_header(&c, AV_RB32(pkt->data));
+        if (ff_mpa_check_header(head) != 0)
+            return 0;
+        avpriv_mpegaudio_decode_header(&c, head);
 
         if (!mp3->initial_bitrate)
             mp3->initial_bitrate = c.bit_rate;
-- 
1.7.10.4



More information about the ffmpeg-devel mailing list