[FFmpeg-devel] [PATCH] Fix signed integer overflows

Carl Eugen Hoyos ceffmpeg at gmail.com
Fri Aug 18 11:13:01 EEST 2017


2017-08-18 8:14 GMT+02:00 Vitaly Buka <vitalybuka-at-google.com at ffmpeg.org>:
> Signed integer overflow is undefined behavior.
> Detected with clang and -fsanitize=signed-integer-overflow

> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -5572,7 +5572,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>
>      if (atom.size < 0)
>          atom.size = INT64_MAX;
> -    while (total_size + 8 <= atom.size && !avio_feof(pb)) {
> +    while (total_size <= atom.size - 8 && !avio_feof(pb)) {

Can you provide the sample that produces this overflow?

Carl Eugen


More information about the ffmpeg-devel mailing list