[FFmpeg-devel] [PATCH 4/4] avcodec/dirac_parser: Fix overflow in dts

Michael Niedermayer michael at niedermayer.cc
Fri Jul 12 20:51:13 EEST 2019


On Thu, Jul 11, 2019 at 08:58:50PM -0300, James Almer wrote:
> On 7/11/2019 6:49 PM, Michael Niedermayer wrote:
> > Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
> > Fixes: 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/dirac_parser.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
> > index 1ade44a438..8722ef17b7 100644
> > --- a/libavcodec/dirac_parser.c
> > +++ b/libavcodec/dirac_parser.c
> > @@ -214,7 +214,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx,
> >                                pc->index - 13 - pu1.prev_pu_offset;
> >              int pts = AV_RB32(cur_pu + 13);
> >              if (s->last_pts == 0 && s->last_dts == 0)
> > -                s->dts = pts - 1;
> > +                s->dts = pts - 1LL;
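
Review bot: On the changed line `s->dts = pts - 1LL;`, the `1LL` only widens the subtraction, while `pts` is still declared `int` two lines above (`int pts = AV_RB32(cur_pu + 13);`). A 32-bit value with the top bit set has therefore already gone negative before the subtraction, and for the reported input the result becomes -2147483649 rather than a large positive timestamp. If the field is meant to be unsigned, declaring `pts` with the 64-bit type of `s->dts` would fix both the overflow and the sign. If a signed 32-bit value is intended, a short comment saying so would make the `1LL` less surprising to the next reader.
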
> 
> Unless that AV_RB32() value can be negative in valid bitstreams, just
> make pts int64_t instead. That's the type for both pts and dts in
> AVCodecParserContext.

I'll try and will change to that if I spot nothing breaking, but libdirac 1.0.2
seems to use plain int for this, so on most platforms that would not result
in positive numbers once the highest bit is set ...
I can't find a clear statement in the spec about this, but my feeling is
that unsigned was the intent.
I suspect this question doesn't affect real-world content.

Does anyone know if dirac is still maintained somewhere?
(If so, I'll report this minor issue there if it appears to affect the current
 source still ...)

Thanks


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato
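
The two fixes discussed in this thread give different timestamps once the top bit of the 32-bit field is set. The following is an added example, not code from the mail or from FFmpeg: `rb32()` is a hypothetical stand-in for `AV_RB32()` assumed to return an unsigned value, the other function names are made up for illustration, and the inputs are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for AV_RB32(): big-endian 32-bit read, unsigned. */
static uint32_t rb32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Pre-patch code computes `pts - 1` in int: undefined when pts == INT_MIN.
 * Report the condition instead of executing the overflowing subtraction. */
static int old_code_overflows(const uint8_t *p)
{
    int pts = (int)rb32(p); /* wraps negative on two's complement targets */
    return pts == INT_MIN;
}

/* Patch as posted: pts stays int, only the subtraction is 64-bit. */
static int64_t dts_patch_1ll(const uint8_t *p)
{
    int pts = (int)rb32(p);
    return pts - 1LL;
}

/* Reply's suggestion: pts is int64_t, so the unsigned value is preserved. */
static int64_t dts_pts_int64(const uint8_t *p)
{
    int64_t pts = rb32(p);
    return pts - 1;
}

/* Constructed sample picture numbers (not taken from a real stream). */
static const uint8_t SAMPLE_SMALL[4]    = { 0x00, 0x00, 0x00, 0x05 };
static const uint8_t SAMPLE_HIGH_BIT[4] = { 0x80, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_ALL_ONES[4] = { 0xFF, 0xFF, 0xFF, 0xFF };

int main(void)
{
    const uint8_t *in[] = { SAMPLE_SMALL, SAMPLE_HIGH_BIT, SAMPLE_ALL_ONES };
    for (int i = 0; i < 3; i++)
        printf("0x%08lx  old-UB=%d  1LL=%lld  int64=%lld\n",
               (unsigned long)rb32(in[i]), old_code_overflows(in[i]),
               (long long)dts_patch_1ll(in[i]), (long long)dts_pts_int64(in[i]));
    return 0;
}
```

Both variants remove the undefined behaviour the fuzzer reported; they differ only in whether values at or above 0x80000000 are treated as negative or as large positive timestamps.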