[FFmpeg-cvslog] avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks()

Nikolas Bowe git at videolan.org
Thu Feb 1 01:53:06 EET 2018


ffmpeg | branch: release/2.8 | Nikolas Bowe <nbowe-at-google.com at ffmpeg.org> | Thu Jan 18 15:21:56 2018 -0800| [5971f1941b39a19ced10e24adc3a26de80542600] | committer: Michael Niedermayer

avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks()

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit e07649e618caedc07eaf2f4d09253de7f77d14f0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5971f1941b39a19ced10e24adc3a26de80542600
---

 libavformat/matroskadec.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 4e12c840b0..0ab5caf652 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1693,8 +1693,16 @@ static int matroska_parse_tracks(AVFormatContext *s)
         }
 
         if (track->type == MATROSKA_TRACK_TYPE_VIDEO) {
-            if (!track->default_duration && track->video.frame_rate > 0)
-                track->default_duration = 1000000000 / track->video.frame_rate;
+            if (!track->default_duration && track->video.frame_rate > 0) {
+                double default_duration = 1000000000 / track->video.frame_rate;
+                if (default_duration > UINT64_MAX || default_duration < 0) {
+                    av_log(matroska->ctx, AV_LOG_WARNING,
+                         "Invalid frame rate %e. Cannot calculate default duration.\n",
+                         track->video.frame_rate);
+                } else {
+                    track->default_duration = default_duration;
+                }
+            }
             if (track->video.display_width == -1)
                 track->video.display_width = track->video.pixel_width;
             if (track->video.display_height == -1)



More information about the ffmpeg-cvslog mailing list