From a31e08fa1aa5c5f0518b8af850f28eb945268e66 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 20 Aug 2016 19:21:07 +0200 Subject: avcodec/diracdec: Check numx/y Fixes division by 0 Fixes: 60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/diracdec.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'libavcodec/diracdec.c') diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 6cb098b..b183fad 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1225,6 +1225,11 @@ static int dirac_unpack_idwt_params(DiracContext *s) else { s->num_x = get_interleaved_ue_golomb(gb); s->num_y = get_interleaved_ue_golomb(gb); + if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > INT_MAX) { + av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n"); + s->num_x = s->num_y = 0; + return AVERROR_INVALIDDATA; + } if (s->ld_picture) { s->lowdelay.bytes.num = get_interleaved_ue_golomb(gb); s->lowdelay.bytes.den = get_interleaved_ue_golomb(gb); -- cgit v1.1