[FFmpeg-devel] [PATCH] mxfdec: Fix integer overflow with many channels

Michael Niedermayer michaelni at gmx.at
Fri Jan 11 17:41:06 CET 2013


On Fri, Jan 11, 2013 at 05:18:37PM +0100, Matthieu Bouron wrote:
> On Tue, Jan 8, 2013 at 2:43 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> > Fixes division by zero
> >
> > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> > Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> > ---
> >  libavformat/mxfdec.c |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index bb5f4a7..648a579 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -2070,7 +2070,7 @@ static int mxf_set_audio_pts(MXFContext *mxf, AVCodecContext *codec, AVPacket *p
> >      pkt->pts = track->sample_count;
> >      if (codec->channels <= 0 || av_get_bits_per_sample(codec->codec_id) <= 0)
> >          return AVERROR(EINVAL);
> > -    track->sample_count += pkt->size / (codec->channels * av_get_bits_per_sample(codec->codec_id) / 8);
> > +    track->sample_count += pkt->size / (codec->channels * (int64_t)av_get_bits_per_sample(codec->codec_id) / 8);
> >      return 0;
> >  }
> >
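Review bot: on the changed `track->sample_count +=` line, the divisor can still be zero after the `(int64_t)` cast. The guard above only rejects values `<= 0`, so any `codec->channels * av_get_bits_per_sample(codec->codec_id)` product below 8 makes the `/ 8` evaluate to 0, and `pkt->size` is then divided by zero. Suggest computing the 64-bit product into a local, returning `AVERROR(EINVAL)` when it is less than 8, and dividing only after that check. The commit message says "Fixes division by zero" while the subject says integer overflow. A sentence stating how the overflowing multiplication leads to the zero divisor would make the log entry self-explanatory.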
> 
> LGTM.

applied

thanks


> Note: this overflow can be avoided by checking the channel count in
> the above check and limiting it to an arbitrary long enough value.
> 
> Regards,
> Matthieu
> 

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope