On 1/15/2021 3:41 AM, Zhao Zhili wrote:
Fix atoi() overflow for large EXT-X-MEDIA-SEQUENCE.

The spec says the type of sequence number is uint64_t. Use int64_t
here since the current implementation requires it to be a signed integer,
and hlsenc uses int64_t too.
---
  libavformat/hls.c | 49 ++++++++++++++++++++++++-----------------------
  1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index 619e4800de..56f1103a11 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -112,13 +112,13 @@ struct playlist {

...

      if (is_http && !in && c->http_persistent && c->playlist_pb) {
          in = c->playlist_pb;
@@ -811,7 +811,7 @@ static int parse_playlist(HLSContext *c, const char *url,
              ret = ensure_playlist(c, &pls, url);
              if (ret < 0)
                  goto fail;
-            pls->start_seq_no = atoi(ptr);
+            pls->start_seq_no = strtoll(ptr, NULL, 10);

Would it be better to use strtoull() to correctly parse the spec'd value, then check if it is in int64_t range before assigning the implementation's sequence number (and handling out of range values appropriately)?


          } else if (av_strstart(line, "#EXT-X-PLAYLIST-TYPE:", &ptr)) {
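Review bot: the strtoll(ptr, NULL, 10) call on the added line passes a NULL end pointer and never checks errno, so an EXT-X-MEDIA-SEQUENCE value above INT64_MAX is silently clamped to LLONG_MAX, a negative value is stored unchanged, and a non-numeric value becomes 0. Suggest passing an end pointer, testing errno for ERANGE, and rejecting negative or unparsed input before assigning pls->start_seq_no, taking the goto fail path that the ensure_playlist() check above already uses.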

...
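The range check proposed in the reply above, sketched as an added example that is not part of the original thread or of FFmpeg's code. The helper name `parse_media_sequence` and its return codes are hypothetical, and the sample values in `main` are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not FFmpeg code): parse the decimal value following
 * "#EXT-X-MEDIA-SEQUENCE:" as the spec's unsigned 64-bit integer, then
 * narrow it to the signed 64-bit type the implementation stores.
 * Returns 0 on success, -1 on malformed input, -2 if out of int64_t range. */
static int parse_media_sequence(const char *ptr, int64_t *out)
{
    char *end;
    unsigned long long v;

    /* strtoull() skips whitespace and accepts a sign ("-1" wraps to
     * ULLONG_MAX), so require the first character to be a digit. */
    if (*ptr < '0' || *ptr > '9')
        return -1;

    errno = 0;
    v = strtoull(ptr, &end, 10);
    if (errno == ERANGE)
        return -2;                  /* larger than 2^64 - 1 */

    /* Only whitespace or a line terminator may follow the digits. */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0')
        return -1;

    if (v > (unsigned long long)INT64_MAX)
        return -2;                  /* valid per spec, not representable */

    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from a real playlist. */
    const char *samples[] = { "0", "4294967296", "9223372036854775808", "-1", "12abc" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int64_t seq = 0;
        int rc = parse_media_sequence(samples[i], &seq);
        printf("%-20s rc=%d seq=%lld\n", samples[i], rc, (long long)seq);
    }
    return 0;
}
```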
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
