[FFmpeg-devel] [PATCH] aiffdec: fix division by zero

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Mon Oct 17 21:47:10 EEST 2016


On 17.10.2016 20:11, Michael Niedermayer wrote:
> On Mon, Oct 17, 2016 at 06:27:29PM +0200, Andreas Cadhalpun wrote:
>> On 17.10.2016 17:13, Michael Niedermayer wrote:
>>> On Mon, Oct 17, 2016 at 04:17:35PM +0200, Andreas Cadhalpun wrote:
>>>> On 17.10.2016 05:43, Michael Niedermayer wrote:
>>>>> On Sun, Oct 16, 2016 at 10:38:42PM +0200, Andreas Cadhalpun wrote:
>>>>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>>>>>> ---
>>>>>>  libavformat/aiffdec.c | 2 +-
>>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
>>>>>> index cd916f9..de82787 100644
>>>>>> --- a/libavformat/aiffdec.c
>>>>>> +++ b/libavformat/aiffdec.c
>>>>>> @@ -380,7 +380,7 @@ static int aiff_read_packet(AVFormatContext *s,
>>>>>>          size = st->codecpar->block_align;
>>>>>>          break;
>>>>>>      default:
>>>>>> -        size = (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align;
>>>>>> +        size = st->codecpar->block_align ? (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE;
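Review bot: the guard avoids the division but leaves no record of why block_align can be 0 here when aiff_read_header() already rejects block_align == 0; a short comment at the `default:` case noting that codecpar can be changed by an API user after the header check (the scenario this thread describes) would help future readers. Hoisting `st->codecpar->block_align` into a local, e.g. `int block_align = st->codecpar->block_align;`, would also keep the new line within the usual 80-column limit and make the fallback to MAX_SIZE easier to read.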
>>>>>
>>>>> how do you reach block_align == 0 ?
>>>>> aiff_read_header() checks for block_align == 0
>>>>
>>>> I'm not aware of a way to reproduce this with the ffmpeg binary, however
>>>> an API user (e.g. my fuzz-testing-program) can change codecpar->codec_type
>>>> and codecpar->codec_id to force decoding a stream with a particular codec.
>>>>
>>>> However, avcodec_parameters_from_context sets codecpar->block_align to 0
>>>> for AVMEDIA_TYPE_VIDEO thus causing the subsequent crash.
>>>
>>> hmm, patch is probably ok then
>>
>> Pushed.
>>
>> What about the similar patches for astdec and westwood_aud?
> 
> probably ok too

Thanks, pushed both.

Best regards,
Andreas
