[FFmpeg-cvslog] avcodec/diracdec: Check numx/y

[Michael Niedermayer]

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Sat Aug 20 19:21:07 2016 +0200| [4ab41164d23899716d79752511fb9d975a264016] | 
committer: Michael Niedermayer

avcodec/diracdec: Check numx/y

Fixes division by 0
Fixes: 
60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a31e08fa1aa5c5f0518b8af850f28eb945268e66)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ab41164d23899716d79752511fb9d975a264016
---

 libavcodec/diracdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 1d7bb9b..1242bd8 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1153,6 +1153,11 @@ static int dirac_unpack_idwt_params(DiracContext *s)
 else {
 s->num_x= svq3_get_ue_golomb(gb);
 s->num_y= svq3_get_ue_golomb(gb);
+if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > 
INT_MAX) {
+av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n");
+s->num_x = s->num_y = 0;
+return AVERROR_INVALIDDATA;
+}
 if (s->ld_picture) {
 s->lowdelay.bytes.num = svq3_get_ue_golomb(gb);
 s->lowdelay.bytes.den = svq3_get_ue_golomb(gb);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/diracdec: Check numx/y

[Michael Niedermayer]

ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Sat Aug 20 19:21:07 2016 +0200| [33ec0280f38ae6852b2447656bc0214e77abf6ef] | 
committer: Michael Niedermayer

avcodec/diracdec: Check numx/y

Fixes division by 0
Fixes: 
60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a31e08fa1aa5c5f0518b8af850f28eb945268e66)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=33ec0280f38ae6852b2447656bc0214e77abf6ef
---

 libavcodec/diracdec.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index ea16007..dc56356 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1031,6 +1031,13 @@ static int dirac_unpack_idwt_params(DiracContext *s)
 /*[DIRAC_STD] 11.3.4 Slice coding Parameters (low delay syntax only). 
slice_parameters() */
 s->lowdelay.num_x = svq3_get_ue_golomb(gb);
 s->lowdelay.num_y = svq3_get_ue_golomb(gb);
+if (s->lowdelay.num_x * s->lowdelay.num_y == 0 ||
+s->lowdelay.num_x * (uint64_t)s->lowdelay.num_y > INT_MAX) {
+av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n");
+s->lowdelay.num_x = s->lowdelay.num_y = 0;
+return AVERROR_INVALIDDATA;
+}
+
 s->lowdelay.bytes.num = svq3_get_ue_golomb(gb);
 s->lowdelay.bytes.den = svq3_get_ue_golomb(gb);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/diracdec: Check numx/y

[Michael Niedermayer]

ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sat Aug 20 19:21:07 2016 +0200| [049d7677156af30ea34f5871df88846a8b9bc385] | 
committer: Michael Niedermayer

avcodec/diracdec: Check numx/y

Fixes division by 0
Fixes: 
60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a31e08fa1aa5c5f0518b8af850f28eb945268e66)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=049d7677156af30ea34f5871df88846a8b9bc385
---

 libavcodec/diracdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index c473e87..769dac3 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1153,6 +1153,11 @@ static int dirac_unpack_idwt_params(DiracContext *s)
 else {
 s->num_x= get_interleaved_ue_golomb(gb);
 s->num_y= get_interleaved_ue_golomb(gb);
+if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > 
INT_MAX) {
+av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n");
+s->num_x = s->num_y = 0;
+return AVERROR_INVALIDDATA;
+}
 if (s->ld_picture) {
 s->lowdelay.bytes.num = get_interleaved_ue_golomb(gb);
 s->lowdelay.bytes.den = get_interleaved_ue_golomb(gb);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/diracdec: Check numx/y

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer  | Sat 
Aug 20 19:21:07 2016 +0200| [a31e08fa1aa5c5f0518b8af850f28eb945268e66] | 
committer: Michael Niedermayer

avcodec/diracdec: Check numx/y

Fixes division by 0
Fixes: 
60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a31e08fa1aa5c5f0518b8af850f28eb945268e66
---

 libavcodec/diracdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 6cb098b..b183fad 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1225,6 +1225,11 @@ static int dirac_unpack_idwt_params(DiracContext *s)
 else {
 s->num_x= get_interleaved_ue_golomb(gb);
 s->num_y= get_interleaved_ue_golomb(gb);
+if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > 
INT_MAX) {
+av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n");
+s->num_x = s->num_y = 0;
+return AVERROR_INVALIDDATA;
+}
 if (s->ld_picture) {
 s->lowdelay.bytes.num = get_interleaved_ue_golomb(gb);
 s->lowdelay.bytes.den = get_interleaved_ue_golomb(gb);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog