ffmpeg | branch: release/2.6 | Michael Niedermayer <mich...@niedermayer.cc> | Tue Jan 12 18:49:20 2016 +0100| [fbfef00e688357494a5228897a6a865fded05b32] | committer: Michael Niedermayer
avformat/asfenc: Check pts Fixes integer overflow Fixes: 0063df8be3aaa30dd6d76f59c8f818c8/signal_sigsegv_7b7b59_3634_bf418b6822bbfa68734411d96b667be3.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> (cherry picked from commit 7c0b84d89911b2035161f5ef51aafbfcc84aa9e2) Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbfef00e688357494a5228897a6a865fded05b32 --- libavformat/asfenc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c index 5e0f7b0..0aea552 100644 --- a/libavformat/asfenc.c +++ b/libavformat/asfenc.c @@ -925,6 +925,11 @@ static int asf_write_packet(AVFormatContext *s, AVPacket *pkt) pts = (pkt->pts != AV_NOPTS_VALUE) ? pkt->pts : pkt->dts; av_assert0(pts != AV_NOPTS_VALUE); + if ( pts < - PREROLL_TIME + || pts > (INT_MAX-3)/10000LL * ASF_INDEXED_INTERVAL - PREROLL_TIME) { + av_log(s, AV_LOG_ERROR, "input pts %"PRId64" is invalid\n", pts); + return AVERROR(EINVAL); + } pts *= 10000; asf->duration = FFMAX(asf->duration, pts + pkt->duration * 10000); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
