X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2F4xm.c;h=ead6d2b4243a83d80c3931c03605f27a5bb3fab0;hb=36aba43bd5fae8595dd9a566fbcfbbea63f0fca3;hp=8a50778686f871f3142d32118b407fdb0840496b;hpb=da97b244b04b48b827ece6d9635a1d1d1cf2021a;p=ffmpeg diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 8a50778686f..ead6d2b4243 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -29,6 +29,7 @@ #include "libavutil/intreadwrite.h" #include "libavutil/intfloat.h" +#include "libavcodec/internal.h" #include "avformat.h" #include "internal.h" @@ -153,8 +154,10 @@ static int parse_strk(AVFormatContext *s, fourxm->tracks[track].audio_pts = 0; if (fourxm->tracks[track].channels <= 0 || + fourxm->tracks[track].channels > FF_SANE_NB_CHANNELS || fourxm->tracks[track].sample_rate <= 0 || - fourxm->tracks[track].bits <= 0) { + fourxm->tracks[track].bits <= 0 || + fourxm->tracks[track].bits > INT_MAX / FF_SANE_NB_CHANNELS) { av_log(s, AV_LOG_ERROR, "audio header invalid\n"); return AVERROR_INVALIDDATA; } @@ -163,6 +166,12 @@ static int parse_strk(AVFormatContext *s, return AVERROR_INVALIDDATA; } + if (fourxm->tracks[track].sample_rate > INT64_MAX / fourxm->tracks[track].bits / fourxm->tracks[track].channels) { + av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %d * %d * %d\n", + fourxm->tracks[track].sample_rate, fourxm->tracks[track].bits, fourxm->tracks[track].channels); + return AVERROR_INVALIDDATA; + } + /* allocate a new AVStream */ st = avformat_new_stream(s, NULL); if (!st) @@ -178,7 +187,7 @@ static int parse_strk(AVFormatContext *s, st->codecpar->channels = fourxm->tracks[track].channels; st->codecpar->sample_rate = fourxm->tracks[track].sample_rate; st->codecpar->bits_per_coded_sample = fourxm->tracks[track].bits; - st->codecpar->bit_rate = st->codecpar->channels * + st->codecpar->bit_rate = (int64_t)st->codecpar->channels * st->codecpar->sample_rate * st->codecpar->bits_per_coded_sample; st->codecpar->block_align = st->codecpar->channels *
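Review bot: The new upper bound on `bits` in the audio-header condition of parse_strk (second hunk), `INT_MAX / FF_SANE_NB_CHANNELS`, is not explained, and nothing says which later computation it protects. Judging by the last hunk, it seems to keep the `int` product `channels * bits_per_coded_sample` assigned to `block_align` in range, which matters because these fields appear to be taken from the file's audio header. I would put a comment above the condition, for example `/* channels * bits must fit in int: multiplied for block_align below */`, so the limit is not relaxed later without revisiting that multiplication. The single "audio header invalid" message also does not say which field was rejected, which makes triage of malformed samples harder. parse_strk begins and ends outside this hunk.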
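Review bot: The overflow test added before avformat_new_stream() (third hunk) looks unreachable once the previous hunk's bounds are applied. If `sample_rate`, `bits` and `channels` are 32-bit `int` fields, as the `%d` conversions in the new av_log() call suggest, then `channels * bits` is at most INT_MAX and the full product stays below INT64_MAX. Keeping it as defence in depth is reasonable, but it should say so, e.g. `/* defensive: cannot trigger while the bits/channels bounds above hold */`. The same comment should note that the two divisions rely on `bits` and `channels` having already been rejected when `<= 0`. The lines between that earlier check and this one are outside the hunk, so I could not confirm that nothing modifies the fields in between.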