[FFmpeg-devel] [PATCH 5/5] avutil/parseutils: fix some overflows in duration calculations

Marton Balint cus at passwd.hu
Sun Sep 30 23:45:13 EEST 2018 

Also properly return AVERROR(ERANGE) in case of actual overflows.

Signed-off-by: Marton Balint <cus at passwd.hu>
---
 libavutil/parseutils.c    | 14 ++++++++++----
 tests/ref/fate/parseutils |  8 ++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/libavutil/parseutils.c b/libavutil/parseutils.c
index 924c49d52c..59bec6cc9d 100644
--- a/libavutil/parseutils.c
+++ b/libavutil/parseutils.c
@@ -661,12 +661,15 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration)
         if (!q) {
             char *o;
             /* parse timestr as S+ */
-            dt.tm_sec = strtol(p, &o, 10);
+            errno = 0;
+            t = strtoll(p, &o, 10);
             if (o == p) /* the parsing didn't succeed */
                 return AVERROR(EINVAL);
-            dt.tm_min = 0;
-            dt.tm_hour = 0;
+            if (errno == ERANGE)
+                return AVERROR(ERANGE);
             q = o;
+        } else {
+            t = dt.tm_hour * 3600 + dt.tm_min * 60 + dt.tm_sec;
         }
     }
 
@@ -688,7 +691,6 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration)
     }
 
     if (duration) {
-        t = dt.tm_hour * 3600 + dt.tm_min * 60 + dt.tm_sec;
         if (q[0] == 'm' && q[1] == 's') {
             suffix = 1000;
             microseconds /= 1000;
@@ -734,7 +736,11 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration)
     if (*q)
         return AVERROR(EINVAL);
 
+    if (INT64_MAX / suffix < t)
+        return AVERROR(ERANGE);
     t *= suffix;
+    if (INT64_MAX - microseconds < t)
+        return AVERROR(ERANGE);
     t += microseconds;
     *timeval = negative ? -t : t;
     return 0;
diff --git a/tests/ref/fate/parseutils b/tests/ref/fate/parseutils
index 36db4fa8a0..bd36c9b01f 100644
--- a/tests/ref/fate/parseutils
+++ b/tests/ref/fate/parseutils
@@ -90,10 +90,10 @@ now                      ->     1331972053.200000 = 2012-03-17T08:14:13Z
 42.1729                  ->             +42172900
 -1729.42                 ->           -1729420000
 12:34                    ->            +754000000
-2147483648s              ->     -2147483648000000
-4294967296ms             ->                    +0
-8589934592us             ->                    +0
-9223372036854775808us    ->                    -1
+2147483648s              ->     +2147483648000000
+4294967296ms             ->        +4294967296000
+8589934592us             ->           +8589934592
+9223372036854775808us    -> error
 
 Testing av_get_known_color_name()
 AliceBlue -> R(240) G(248) B(255) A(0)
-- 
2.16.4

More information about the ffmpeg-devel mailing list