authorJustin Ruggles <justin.ruggles@gmail.com>2012-08-01 15:53:20 -0400
committerJustin Ruggles <justin.ruggles@gmail.com>2013-01-09 14:49:06 -0500
commitb0c96e06134d5c2aa3fa4f0951834c982ee99e3b (patch)
tree86535233d6fc0a92fa436c60622f8465de66e263 /libavformat
parentf7bf72a4a1146a7583577c9bdc066767e1ba3c6a (diff)
downloadffmpeg-b0c96e06134d5c2aa3fa4f0951834c982ee99e3b.tar.gz
idcin: validate header parameters
Avoids using unsupported parameters and signed integer overflows.
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/idcin.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/libavformat/idcin.c b/libavformat/idcin.c
index fde8666788..6b107b9904 100644
--- a/libavformat/idcin.c
+++ b/libavformat/idcin.c
@@ -68,6 +68,7 @@
* transmitting them to the video decoder
*/
+#include "libavutil/imgutils.h"
#include "libavutil/intreadwrite.h"
#include "avformat.h"
#include "internal.h"
@@ -153,6 +154,24 @@ static int idcin_read_header(AVFormatContext *s)
bytes_per_sample = avio_rl32(pb);
channels = avio_rl32(pb);
+ if (av_image_check_size(width, height, 0, s) < 0)
+ return AVERROR_INVALIDDATA;
+ if (sample_rate > 0) {
+ if (sample_rate < 14 || sample_rate > INT_MAX) {
+ av_log(s, AV_LOG_ERROR, "invalid sample rate: %u\n", sample_rate);
+ return AVERROR_INVALIDDATA;
+ }
+ if (bytes_per_sample < 1 || bytes_per_sample > 2) {
+ av_log(s, AV_LOG_ERROR, "invalid bytes per sample: %u\n",
+ bytes_per_sample);
+ return AVERROR_INVALIDDATA;
+ }
+ if (channels < 1 || channels > 2) {
+ av_log(s, AV_LOG_ERROR, "invalid channels: %u\n", channels);
+ return AVERROR_INVALIDDATA;
+ }
+ }
+
st = avformat_new_stream(s, NULL);
if (!st)
return AVERROR(ENOMEM);
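Review bot: The lower bound in `sample_rate < 14` is a bare magic number, and nothing in the added lines says where it comes from. It presumably mirrors a fixed frame rate that the sample rate is divided by when audio chunk sizes are computed, but that code is outside this hunk. A comment such as `/* rate is later divided by the 14 fps frame rate; reject values that would give a zero-sized audio chunk */`, or a named constant shared with that computation, would let a reader verify the bound. Separately, `bytes_per_sample` and `channels` are validated only inside `if (sample_rate > 0)`, so on the no-audio path they remain raw 32-bit values read from the file. That is safe only if nothing later in idcin_read_header uses them when `sample_rate` is 0, which is worth confirming because the function body continues past the visible lines.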