[FFmpeg-devel] [libav-devel] [PATCH] avformat/adxdec: check avctx->channels for invalid values
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Thu Feb 26 18:49:58 CET 2015
On 26.02.2015 15:09, Luca Barbato wrote:
> On 26/02/15 12:19, Andreas Cadhalpun wrote:
>> On 26.02.2015 04:15, Luca Barbato wrote:
>>> The decoder has this
>>>
>>> /* channels */
>>> avctx->channels = buf[7];
>>> if (avctx->channels <= 0 || avctx->channels > 2)
>>> return AVERROR_INVALIDDATA;
>>>
>>> So by the time you get there the channels are already validated.
>>>
>>> the extradata is validated on container and codec level so it should
>>> be fine.
>>
>> This validation just makes sure that the codec can't be opened. But then
>> avformat_find_stream_info continues with reading a frame from the
>> demuxer, leading to the segfault if avctx->channels is 0.
>
> do you have a sample for it?
Yes. You can create one by setting the 8th byte of an adx file to 0.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list