[FFmpeg-devel] [PATCH 1/3] avformat/avidec: Fix integer overflow in cum_len check
Michael Niedermayer
michael at niedermayer.cc
Fri Mar 9 03:37:52 EET 2018
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237
Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/avidec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 3ff515d492..bafe1dc8da 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -670,7 +670,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
st->start_time = 0;
avio_rl32(pb); /* buffer size */
avio_rl32(pb); /* quality */
- if (ast->cum_len*ast->scale/ast->rate > 3600) {
+ if (ast->cum_len > 3600LL * ast->rate / ast->scale) {
av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n");
ast->cum_len = 0;
}
--
2.16.2
More information about the ffmpeg-devel
mailing list