Browse code
pvfdec: prevent overflow during block alignment calculation
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Andreas Cadhalpun authored on 2016/12/15 10:14:54Showing 1 changed files
| ... | ... |
@@ -19,6 +19,7 @@ |
| 19 | 19 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| 20 | 20 |
*/ |
| 21 | 21 |
|
| 22 |
+#include "libavcodec/internal.h" |
|
| 22 | 23 |
#include "avformat.h" |
| 23 | 24 |
#include "internal.h" |
| 24 | 25 |
#include "pcm.h" |
| ... | ... |
@@ -44,7 +45,8 @@ static int pvf_read_header(AVFormatContext *s) |
| 44 | 44 |
&bps) != 3) |
| 45 | 45 |
return AVERROR_INVALIDDATA; |
| 46 | 46 |
|
| 47 |
- if (channels <= 0 || bps <= 0 || sample_rate <= 0) |
|
| 47 |
+ if (channels <= 0 || channels > FF_SANE_NB_CHANNELS || |
|
| 48 |
+ bps <= 0 || bps > INT_MAX / FF_SANE_NB_CHANNELS || sample_rate <= 0) |
|
| 48 | 49 |
return AVERROR_INVALIDDATA; |
| 49 | 50 |
|
| 50 | 51 |
st = avformat_new_stream(s, NULL); |