[FFmpeg-devel] [PATCH] avfilter/avf_concat: check for possible integer overflow
Nicolas George
george at nsup.org
Sun Sep 13 17:14:30 EEST 2020
Paul B Mahol (12020-09-13):
> There is nothing much currently that can be done to recover from
> this situation so just return AVERROR_BUG error code.
>
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
> libavfilter/avf_concat.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavfilter/avf_concat.c b/libavfilter/avf_concat.c
> index 5608ed9ac6..295a340515 100644
> --- a/libavfilter/avf_concat.c
> +++ b/libavfilter/avf_concat.c
> @@ -251,6 +251,8 @@ static int send_silence(AVFilterContext *ctx, unsigned in_no, unsigned out_no,
>
> if (!rate_tb.den)
> return AVERROR_BUG;
> + if (seg_delta < -cat->in[in_no].pts)
> + return AVERROR_BUG;
> nb_samples = av_rescale_q(seg_delta - cat->in[in_no].pts,
> outlink->time_base, rate_tb);
> frame_nb_samples = FFMAX(9600, rate_tb.den / 5); /* arbitrary */
Catching the problem here is probably ok.
But it is not a bug in this filter, and therefore AVERROR_BUG is not the
correct error message. I suppose AVERROR_INVALIDDATA would be ok.
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200913/5853cc1e/attachment.sig>
More information about the ffmpeg-devel
mailing list