[FFmpeg-cvslog] lavf: avoid integer overflow in ff_compute_frame_duration()
Janne Grunau
git at videolan.org
Mon Feb 11 12:41:05 CET 2013
ffmpeg | branch: release/0.5 | Janne Grunau <janne-libav at jannau.net> | Fri Nov 23 14:05:36 2012 +0100| [2e1474fd9988e0d8749b8ba2eb46a945ef37dfb7] | committer: Reinhard Tartler
lavf: avoid integer overflow in ff_compute_frame_duration()
Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.
CC: libav-stable at libav.org
(cherry picked from commit 7709ce029a7bc101b9ac1ceee607cda10dcb89dc)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e1474fd9988e0d8749b8ba2eb46a945ef37dfb7
---
libavformat/utils.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 223d567..2715023 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -680,7 +680,10 @@ static void compute_frame_duration(int *pnum, int *pden, AVStream *st,
*pnum = st->codec->time_base.num;
*pden = st->codec->time_base.den;
if (pc && pc->repeat_pict) {
- *pnum = (*pnum) * (1 + pc->repeat_pict);
+ if (*pnum > INT_MAX / (1 + pc->repeat_pict))
+ *pden /= 1 + pc->repeat_pict;
+ else
+ *pnum *= 1 + pc->repeat_pict;
}
}
break;
More information about the ffmpeg-cvslog
mailing list