[FFmpeg-devel] [PATCH 04/12] mov: validate sample_rate

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sun Oct 23 19:28:10 EEST 2016


A negative sample rate doesn't make sense and triggers assertions in
av_rescale_rnd.

fate-aac-al07_96 fails if sample_rate == 0 is rejected in
ff_mov_read_stsd_entries.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
 libavformat/mov.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dada1e0..0a3fdd1 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -888,6 +888,10 @@ static int mov_read_ddts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     st = c->fc->streams[c->fc->nb_streams-1];
 
     st->codecpar->sample_rate = get_bits_long(&gb, 32);
+    if (st->codecpar->sample_rate <= 0) {
+        av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
+        return AVERROR_INVALIDDATA;
+    }
     skip_bits_long(&gb, 32); /* max bitrate */
     st->codecpar->bit_rate = get_bits_long(&gb, 32);
     st->codecpar->bits_per_coded_sample = get_bits(&gb, 8);
@@ -2273,6 +2277,10 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
         } else if (st->codecpar->codec_type==AVMEDIA_TYPE_AUDIO) {
             st->codecpar->codec_id = id;
             mov_parse_stsd_audio(c, pb, st, sc);
+            if (st->codecpar->sample_rate < 0) {
+                av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
+                return AVERROR_INVALIDDATA;
+            }
         } else if (st->codecpar->codec_type==AVMEDIA_TYPE_SUBTITLE){
             st->codecpar->codec_id = id;
             mov_parse_stsd_subtitle(c, pb, st, sc,
-- 
2.9.3



More information about the ffmpeg-devel mailing list