]> git.sesse.net Git - ffmpeg/blobdiff - libavformat/riffdec.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
avformat/riffde: Fix integer overflow in bitrate
[ffmpeg] / libavformat / riffdec.c
diff --git a/libavformat/riffdec.c b/libavformat/riffdec.c
index f798baf128b8412cb1d6a5cf684b8ac931f34074..7eecdb24b887a5d2f985ad008dbee268504f4c23 100644 (file)
--- a/libavformat/riffdec.c
+++ b/libavformat/riffdec.c
@@ -87,6 +87,7 @@ int ff_get_wav_header(AVFormatContext *s, AVIOContext *pb,
                       AVCodecContext *codec, int size, int big_endian)
 {
     int id;
+    uint64_t bitrate;
 
     if (size < 14) {
         avpriv_request_sample(codec, "wav header size < 14");
@@ -98,23 +99,15 @@ int ff_get_wav_header(AVFormatContext *s, AVIOContext *pb,
         id                 = avio_rl16(pb);
         codec->channels    = avio_rl16(pb);
         codec->sample_rate = avio_rl32(pb);
-        codec->bit_rate    = avio_rl32(pb) * 8;
+        bitrate            = avio_rl32(pb) * 8LL;
         codec->block_align = avio_rl16(pb);
     } else {
         id                 = avio_rb16(pb);
         codec->channels    = avio_rb16(pb);
         codec->sample_rate = avio_rb32(pb);
-        codec->bit_rate    = avio_rb32(pb) * 8;
+        bitrate            = avio_rb32(pb) * 8LL;
         codec->block_align = avio_rb16(pb);
     }
-    if (codec->bit_rate < 0) {
-        av_log(s, AV_LOG_WARNING,
-               "Invalid bit rate: %d\n", codec->bit_rate);
-        if (s->error_recognition & AV_EF_EXPLODE)
-            return AVERROR_INVALIDDATA;
-        else
-            codec->bit_rate = 0;
-    }
     if (size == 14) {  /* We're dealing with plain vanilla WAVEFORMAT */
         codec->bits_per_coded_sample = 8;
     } else {
@@ -155,6 +148,23 @@ int ff_get_wav_header(AVFormatContext *s, AVIOContext *pb,
         if (size > 0)
             avio_skip(pb, size);
     }
+
+    if (bitrate > INT_MAX) {
+        if (s->error_recognition & AV_EF_EXPLODE) {
+            av_log(s, AV_LOG_ERROR,
+                   "The bitrate %"PRIu64" is too large.\n",
+                    bitrate);
+            return AVERROR_INVALIDDATA;
+        } else {
+            av_log(s, AV_LOG_WARNING,
+                   "The bitrate %"PRIu64" is too large, resetting to 0.",
+                   bitrate);
+            codec->bit_rate = 0;
+        }
+    } else {
+        codec->bit_rate = bitrate;
+    }
+
     if (codec->sample_rate <= 0) {
         av_log(s, AV_LOG_ERROR,
                "Invalid sample rate: %d\n", codec->sample_rate);
Unnamed repository; edit this file 'description' to name the repository.