From 25b27a9c167302769db512a9e32c66323bc7904c Mon Sep 17 00:00:00 2001 From: Mark Harris Date: Thu, 27 Nov 2014 08:48:09 -0800 Subject: [PATCH] multistream: improve arg check Avoid undefined behavior (signed arithmetic overflow) or implementation-defined behavior (malloc(0)) on out-of-range arguments, e.g. opus_multistream_encoder_create(48000, 2, 2147483647, 1, ...) or opus_multistream_surround_encoder_create(48000, 3, 0, ...). Signed-off-by: Jean-Marc Valin --- src/opus_multistream_decoder.c | 4 ++-- src/opus_multistream_encoder.c | 14 +++++++++++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/opus_multistream_decoder.c b/src/opus_multistream_decoder.c index a05fa1e7..b95eaa6e 100644 --- a/src/opus_multistream_decoder.c +++ b/src/opus_multistream_decoder.c @@ -75,7 +75,7 @@ int opus_multistream_decoder_init( char *ptr; if ((channels>255) || (channels<1) || (coupled_streams>streams) || - (coupled_streams+streams>255) || (streams<1) || (coupled_streams<0)) + (streams<1) || (coupled_streams<0) || (streams>255-coupled_streams)) return OPUS_BAD_ARG; st->layout.nb_channels = channels; @@ -119,7 +119,7 @@ OpusMSDecoder *opus_multistream_decoder_create( int ret; OpusMSDecoder *st; if ((channels>255) || (channels<1) || (coupled_streams>streams) || - (coupled_streams+streams>255) || (streams<1) || (coupled_streams<0)) + (streams<1) || (coupled_streams<0) || (streams>255-coupled_streams)) { if (error) *error = OPUS_BAD_ARG; diff --git a/src/opus_multistream_encoder.c b/src/opus_multistream_encoder.c index 3787194a..6e87337d 100644 --- a/src/opus_multistream_encoder.c +++ b/src/opus_multistream_encoder.c @@ -408,7 +408,7 @@ static int opus_multistream_encoder_init_impl( char *ptr; if ((channels>255) || (channels<1) || (coupled_streams>streams) || - (coupled_streams+streams>255) || (streams<1) || (coupled_streams<0)) + (streams<1) || (coupled_streams<0) || (streams>255-coupled_streams)) return OPUS_BAD_ARG; st->layout.nb_channels = channels; @@ -530,7 +530,7 @@ OpusMSEncoder *opus_multistream_encoder_create( int ret; OpusMSEncoder *st; if ((channels>255) || (channels<1) || (coupled_streams>streams) || - (coupled_streams+streams>255) || (streams<1) || (coupled_streams<0)) + (streams<1) || (coupled_streams<0) || (streams>255-coupled_streams)) { if (error) *error = OPUS_BAD_ARG; @@ -566,6 +566,7 @@ OpusMSEncoder *opus_multistream_surround_encoder_create( ) { int ret; + opus_int32 size; OpusMSEncoder *st; if ((channels>255) || (channels<1)) { @@ -573,7 +574,14 @@ OpusMSEncoder *opus_multistream_surround_encoder_create( *error = OPUS_BAD_ARG; return NULL; } - st = (OpusMSEncoder *)opus_alloc(opus_multistream_surround_encoder_get_size(channels, mapping_family)); + size = opus_multistream_surround_encoder_get_size(channels, mapping_family); + if (!size) + { + if (error) + *error = OPUS_UNIMPLEMENTED; + return NULL; + } + st = (OpusMSEncoder *)opus_alloc(size); if (st==NULL) { if (error)