On 15/06/15 21:17, Andreas Cadhalpun wrote: > The values are written with avio_wl16 and if they don't fit into > uint16_t, this triggers an av_assert2 in avio_w8.
No does not. > Signed-off-by: Andreas Cadhalpun <[email protected]> > --- > libavformat/matroskadec.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c > index 81dd53f..7af03c9 100644 > --- a/libavformat/matroskadec.c > +++ b/libavformat/matroskadec.c > @@ -1889,6 +1889,14 @@ static int matroska_parse_tracks(AVFormatContext *s) > NULL, NULL, NULL, NULL); > avio_write(&b, "TTA1", 4); > avio_wl16(&b, 1); > + if (track->audio.channels > UINT16_MAX || > + track->audio.bitdepth > UINT16_MAX) { > + av_log(matroska->ctx, AV_LOG_ERROR, > + "Too large audio channel number %"PRIu64 > + " or bitdepth %"PRIu64".\n", > + track->audio.channels, track->audio.bitdepth); > + return AVERROR_INVALIDDATA; > + } I wonder if the sanity check in the decoder would be enough to not have other problems down the line. I'd provide an explode mode and as best effort mode I'd just mark the data as corrupted. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
