On Mon, 3 Jun 2024 at 04:16, Michael Niedermayer <mich...@niedermayer.cc> wrote: > > Fixes: CID1500312 Unintentional integer overflow > > Sponsored-by: Sovereign Tech Fund > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavformat/mov.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index d15b7b70c50..93643304212 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -3386,7 +3386,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext > *pb, MOVAtom atom) > sc->stts_data[i].duration = 1; > corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude > : 1) * sample_count; > } else { > - corrected_dts += sample_duration * sample_count; > + corrected_dts += sample_duration * (int64_t)sample_count; > } > > current_dts += sc->stts_data[i].duration * (int64_t)sample_count; > -- > 2.45.1
This is not enough to guard the overflow, the addition can still overflow. mov.c:3500:27: runtime error: signed integer overflow: 3206437752653027430 + 8549083172438480532 cannot be represented in type 'int64_t' (aka 'long') - Kacper _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".