[FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet().
Michael Niedermayer
michael at niedermayer.cc
Sat Nov 25 01:38:25 EET 2023
On Wed, Nov 22, 2023 at 02:20:59PM -0800, Dale Curtis wrote:
> Fixes https://crbug.com/1499669:
> runtime error: signed integer overflow: 9223372036853334272 + 1375731456
this looks a bit close to AV_NOPTS_VALUE but its not actually that close
> cannot be represented in type 'int64_t' (aka 'long')
>
> Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
> ---
> libavformat/mov.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 93f202d204..425ddc6849 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -9023,7 +9023,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
> pkt->flags |= AV_PKT_FLAG_DISCARD;
> }
> if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
> - pkt->pts = pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_index].duration;
> + pkt->pts = av_sat_add64(pkt->dts, av_sat_add64(sc->dts_shift, sc->ctts_data[sc->ctts_index].duration));
> /* update ctts context */
> sc->ctts_sample++;
> if (sc->ctts_index < sc->ctts_count &&
This is probably ok
alternatively pts could be set to AV_NOPTS_VALUE if its unrepresentable
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20231125/c172286d/attachment.sig>
More information about the ffmpeg-devel
mailing list