[FFmpeg-devel] [PATCH 2/3] avformat/sbgdec: Check opt_duration and start for overflow
Michael Niedermayer
michael at niedermayer.cc
Mon Jun 28 19:12:26 EEST 2021
On Sun, Jun 27, 2021 at 08:22:12PM +0200, Nicolas George wrote:
> James Almer (12021-06-25):
> > Afaics, it checks the very first character to be < '0' || > '9' for both
> > hours and minutes, so strtol() is not going to see a '-'.
> > Is there supposed to be one for seconds in valid files? If not, the same
> > check could be done and ensure no negative value is parsed.
>
> No, valid files cannot have negative times.
>
> Also, I think with the time that adding this format was a misguided
> idea. I suspect nobody uses it. We could just remove it.
maybe you could go over the parsing/reading of values in it and
add appropriate checks for all. This would likely cut down on the
amount of integer issues, and someone like you who knows the
format well can likely do this faster than others like me fixing
one issue found by the fuzzers at a time
Thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Republics decline into democracies and democracies degenerate into
despotisms. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20210628/9e5450a3/attachment.sig>
More information about the ffmpeg-devel
mailing list