[FFmpeg-cvslog] avformat/avidec: Fix integer overflow in cum_len check

Michael Niedermayer git at videolan.org
Tue Jul 10 12:03:51 EEST 2018


ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Thu Mar  8 22:40:50 2018 +0100| [3b5645a72928e3eab7594205bab2d8aed8c114e8] | committer: Michael Niedermayer

avformat/avidec: Fix integer overflow in cum_len check

Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237

Reported-by: Matt Wolenetz <wolenetz at google.com>
Reviewed-by: Matt Wolenetz <wolenetz at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 06e092e7819b9437da32925200e7c369f93d82e7)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b5645a72928e3eab7594205bab2d8aed8c114e8
---

 libavformat/avidec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 223ddd0530..81a43632bb 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -665,7 +665,7 @@ static int avi_read_header(AVFormatContext *s)
             st->start_time = 0;
             avio_rl32(pb); /* buffer size */
             avio_rl32(pb); /* quality */
-            if (ast->cum_len*ast->scale/ast->rate > 3600) {
+            if (ast->cum_len > 3600LL * ast->rate / ast->scale) {
                 av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n");
                 ast->cum_len = 0;
             }



More information about the ffmpeg-cvslog mailing list