eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-12-13 10:30:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

avformat/mov: Avoid overflow in dts

Browse Source 
This basically ignores the overflow without undefined behavior, alternatively we could detect and error out

Fixes: signed integer overflow: 6310596683470275584 + 7660622966157213696 cannot be represented in type 'long'
Fixes: 70433/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5483347233538048
Fixes: 369662284/clusterfuzz-testcase-minimized-media_metadata_parser_fuzzer-5327368763670528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 057b8c2066)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2024-07-28 20:53:49 +02:00
parent d44190af87
commit 7e2783c235
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/mov.c
View File

@@ -3041,10 +3041,10 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
sc->stts_data[i].duration = 1; sc->stts_data[i].duration = 1;
corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count; corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
} else { } else {
corrected_dts += sample_duration * (int64_t)sample_count; corrected_dts += sample_duration * (uint64_t)sample_count;
} }
current_dts += sc->stts_data[i].duration * (int64_t)sample_count; current_dts += sc->stts_data[i].duration * (uint64_t)sample_count;
if (current_dts > corrected_dts) { if (current_dts > corrected_dts) {
int64_t drift = (current_dts - corrected_dts)/FFMAX(sample_count, 1); int64_t drift = (current_dts - corrected_dts)/FFMAX(sample_count, 1);