Files · d59bfcd11229300182c672ca734568919a85f773 · Linshizhi / ffmpeg.wasm-core

avformat/mov: fix integer overflow · d59bfcd1

Ganesh Ajjanagadde authored Oct 10, 2015

Partially fixes Ticket 4727.

-duration is not a safe expression, since duration can be INT_MIN.
One might ask how it can become INT_MIN.
Although it is true that line 2574 is no longer reached with INT_MIN due
to commit 053e80f6 (which fixed another
integer overflow issue), mov_update_dts_shift is called on line 3549 as
well, right after a read of untrusted data.
One can do the fix locally there, but that function is already a huge
mess. Changing mov_update_dts_shift is likely better.

This changes duration to INT_MIN + 1 in such cases. This should not make any
practical difference since such streams are anyway fuzzer files.

Tested with FATE.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>

d59bfcd1

Name	Last commit	Last update
compat		Loading commit data...
doc		Loading commit data...
libavcodec		Loading commit data...
libavdevice		Loading commit data...
libavfilter		Loading commit data...
libavformat		Loading commit data...
libavresample		Loading commit data...
libavutil		Loading commit data...
libpostproc		Loading commit data...
libswresample		Loading commit data...
libswscale		Loading commit data...
presets		Loading commit data...
tests		Loading commit data...
tools		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.travis.yml		Loading commit data...
COPYING.GPLv2		Loading commit data...
COPYING.GPLv3		Loading commit data...
COPYING.LGPLv2.1		Loading commit data...
COPYING.LGPLv3		Loading commit data...
CREDITS		Loading commit data...
Changelog		Loading commit data...
INSTALL.md		Loading commit data...
LICENSE.md		Loading commit data...
MAINTAINERS		Loading commit data...
Makefile		Loading commit data...
README.md		Loading commit data...
RELEASE		Loading commit data...
arch.mak		Loading commit data...
cmdutils.c		Loading commit data...
cmdutils.h		Loading commit data...
cmdutils_common_opts.h		Loading commit data...
cmdutils_opencl.c		Loading commit data...
common.mak		Loading commit data...
configure		Loading commit data...
ffmpeg.c		Loading commit data...
ffmpeg.h		Loading commit data...
ffmpeg_dxva2.c		Loading commit data...
ffmpeg_filter.c		Loading commit data...
ffmpeg_opt.c		Loading commit data...
ffmpeg_vdpau.c		Loading commit data...
ffmpeg_videotoolbox.c		Loading commit data...
ffplay.c		Loading commit data...
ffprobe.c		Loading commit data...
ffserver.c		Loading commit data...
ffserver_config.c		Loading commit data...
ffserver_config.h		Loading commit data...
library.mak		Loading commit data...
version.sh		Loading commit data...

README.md