Re: [FFmpeg-devel] [PATCH 2/2] wmavoice: prevent division by zero crash

2017-01-02 Thread Andreas Cadhalpun 
On 02.01.2017 04:09, Ronald S. Bultje wrote:
> On Sun, Jan 1, 2017 at 5:51 PM, Andreas Cadhalpun 
>  wrote:
> Fine for me. Patch doing that is attached.
> 
> 
> LGTM.

Pushed.

Best regards,
Andreas

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 2/2] wmavoice: prevent division by zero crash

2017-01-01 Thread Ronald S. Bultje 
Hi,

On Sun, Jan 1, 2017 at 5:51 PM, Andreas Cadhalpun <
andreas.cadhal...@googlemail.com> wrote:

> On 01.01.2017 23:23, Ronald S. Bultje wrote:
> > On Sun, Jan 1, 2017 at 5:19 PM, Andreas Cadhalpun <
> andreas.cadhal...@googlemail.com >
> wrote:
> >
> > The problem was introduced by commit
> > 3deb4b54a24f8cddce463d9f5751b01efeb976af.
> >
> > Signed-off-by: Andreas Cadhalpun  >
> > ---
> >  libavcodec/wmavoice.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
> > index 1bfad46b2e..279b44dc12 100644
> > --- a/libavcodec/wmavoice.c
> > +++ b/libavcodec/wmavoice.c
> > @@ -1908,7 +1908,7 @@ static int wmavoice_decode_packet(AVCodecContext
> *ctx, void *data,
> >  /* size == ctx->block_align is used to indicate whether we are
> dealing with
> >   * a new packet or a packet of which we already read the packet
> header
> >   * previously. */
> > -if (!(size % ctx->block_align)) { // new packet header
> > +if (ctx->block_align && !(size % ctx->block_align)) { // new
> packet header
> >  if (!size) {
> >  s->spillover_nbits = 0;
> >  s->nb_superframes = 0;
> > --
> > 2.11.0
> >
> >
> > nak.
> >
> > The init routine should error out if block_align is zero.
> > The codec can not operate without block_align set.
>
> Fine for me. Patch doing that is attached.


LGTM.

Ronald
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 2/2] wmavoice: prevent division by zero crash

2017-01-01 Thread Andreas Cadhalpun 
On 01.01.2017 23:23, Ronald S. Bultje wrote:
> On Sun, Jan 1, 2017 at 5:19 PM, Andreas Cadhalpun 
> > 
> wrote:
> 
> The problem was introduced by commit
> 3deb4b54a24f8cddce463d9f5751b01efeb976af.
> 
> Signed-off-by: Andreas Cadhalpun  >
> ---
>  libavcodec/wmavoice.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
> index 1bfad46b2e..279b44dc12 100644
> --- a/libavcodec/wmavoice.c
> +++ b/libavcodec/wmavoice.c
> @@ -1908,7 +1908,7 @@ static int wmavoice_decode_packet(AVCodecContext 
> *ctx, void *data,
>  /* size == ctx->block_align is used to indicate whether we are 
> dealing with
>   * a new packet or a packet of which we already read the packet 
> header
>   * previously. */
> -if (!(size % ctx->block_align)) { // new packet header
> +if (ctx->block_align && !(size % ctx->block_align)) { // new packet 
> header
>  if (!size) {
>  s->spillover_nbits = 0;
>  s->nb_superframes = 0;
> --
> 2.11.0
> 
> 
> nak.
> 
> The init routine should error out if block_align is zero.
> The codec can not operate without block_align set.

Fine for me. Patch doing that is attached.

Best regards,
Andreas

>From caec0e9f57ddc2373d3e2cb56ed1e6c3ce0df166 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun 
Date: Sun, 1 Jan 2017 22:48:38 +0100
Subject: [PATCH] wmavoice: validate block alignment

This prevents a division by zero crash in wmavoice_decode_packet.

The problem was introduced by commit
3deb4b54a24f8cddce463d9f5751b01efeb976af.

Signed-off-by: Andreas Cadhalpun 
---
 libavcodec/wmavoice.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
index 1bfad46b2e..080ec86b53 100644
--- a/libavcodec/wmavoice.c
+++ b/libavcodec/wmavoice.c
@@ -388,6 +388,11 @@ static av_cold int wmavoice_decode_init(AVCodecContext *ctx)
ctx->extradata_size);
 return AVERROR_INVALIDDATA;
 }
+if (ctx->block_align <= 0) {
+av_log(ctx, AV_LOG_ERROR, "Invalid block alignment %d.\n", ctx->block_align);
+return AVERROR_INVALIDDATA;
+}
+
 flags= AV_RL32(ctx->extradata + 18);
 s->spillover_bitsize = 3 + av_ceil_log2(ctx->block_align);
 s->do_apf=flags & 0x1;
-- 
2.11.0

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 2/2] wmavoice: prevent division by zero crash

2017-01-01 Thread Ronald S. Bultje 
Hi,

On Sun, Jan 1, 2017 at 5:19 PM, Andreas Cadhalpun <
andreas.cadhal...@googlemail.com> wrote:

> The problem was introduced by commit
> 3deb4b54a24f8cddce463d9f5751b01efeb976af.
>
> Signed-off-by: Andreas Cadhalpun 
> ---
>  libavcodec/wmavoice.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
> index 1bfad46b2e..279b44dc12 100644
> --- a/libavcodec/wmavoice.c
> +++ b/libavcodec/wmavoice.c
> @@ -1908,7 +1908,7 @@ static int wmavoice_decode_packet(AVCodecContext
> *ctx, void *data,
>  /* size == ctx->block_align is used to indicate whether we are
> dealing with
>   * a new packet or a packet of which we already read the packet header
>   * previously. */
> -if (!(size % ctx->block_align)) { // new packet header
> +if (ctx->block_align && !(size % ctx->block_align)) { // new packet
> header
>  if (!size) {
>  s->spillover_nbits = 0;
>  s->nb_superframes = 0;
> --
> 2.11.0


nak.

The init routine should error out if block_align is zero. The codec can not
operate without block_align set.

Ronald
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel