Commit 06e092e7 authored by Michael Niedermayer's avatar Michael Niedermayer

avformat/avidec: Fix integer overflow in cum_len check

Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237
Reported-by: 's avatarMatt Wolenetz <wolenetz@google.com>
Reviewed-by: 's avatarMatt Wolenetz <wolenetz@google.com>
Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 02ecda4a
...@@ -670,7 +670,7 @@ FF_ENABLE_DEPRECATION_WARNINGS ...@@ -670,7 +670,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
st->start_time = 0; st->start_time = 0;
avio_rl32(pb); /* buffer size */ avio_rl32(pb); /* buffer size */
avio_rl32(pb); /* quality */ avio_rl32(pb); /* quality */
if (ast->cum_len*ast->scale/ast->rate > 3600) { if (ast->cum_len > 3600LL * ast->rate / ast->scale) {
av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n"); av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n");
ast->cum_len = 0; ast->cum_len = 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment