[FFmpeg-devel] [PATCH] Add FITS Demuxer

Paras Chadha paraschadha18 at gmail.com
Mon Jul 3 10:33:20 EEST 2017


On Mon, Jul 3, 2017 at 3:56 AM, Moritz Barsnick <barsnick at gmx.net> wrote:

> On Sun, Jul 02, 2017 at 20:48:17 +0530, Paras Chadha wrote:
> > +    int64_t header_size = 0, data_size=0, ret, pcount=0, gcount=1, d;
> [...]
> > +    header_size += 80;
> [...]
> > +    header_size += 80;
> [...]
> > +    header_size += 80;
> [...]
> > +    for (i = 0; i < naxis; i++) {
> [...]
> > +        header_size += 80;
> [...]
> > +    header_size += 80;
> [...]
> > +    while (strncmp(buf, "END", 3)) {
> [...]
> > +        header_size += 80;
> > +    }
> > +
> > +    header_size = ceil(header_size/2880.0)*2880;
> > +    if (header_size < 0)
> > +        return AVERROR_INVALIDDATA;
>
> How can this happen, except by integer overflow?
>

It will not happen except in case of integer overflow.


>
> > +    if (data_size < 0)
> > +        return AVERROR_INVALIDDATA;
> > +
> > +    if (!data_size) {
> > +        fits->image = 0;
> > +    } else {
> > +        data_size = ceil(data_size/2880.0)*2880;
> > +        if (data_size < 0)
> > +            return AVERROR_INVALIDDATA;
>
> How can this occur?


It will not occur except in case of integer overflow.
If you are asking for specific case when this 'if' will execute then, set
data_size = LLONG_MAX - 1. Due to ceil function the final value will become
greater than LLONG_MAX. So, the statement inside 'if' will execute.


> Moritz
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>


More information about the ffmpeg-devel mailing list