On Mon, 3 Jun 2024 at 04:16, Michael Niedermayer <mich...@niedermayer.cc> wrote:
>
> Fixes: CID1500312 Unintentional integer overflow
>
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
> libavformat/mov.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index d15b7b70c50..93643304212 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -3386,7 +3386,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext
> *pb, MOVAtom atom)
> sc->stts_data[i].duration = 1;
> corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude
> : 1) * sample_count;
> } else {
> - corrected_dts += sample_duration * sample_count;
> + corrected_dts += sample_duration * (int64_t)sample_count;
> }
>
> current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
> --
> 2.45.1
This is not enough to guard the overflow, the addition can still overflow.
mov.c:3500:27: runtime error: signed integer overflow:
3206437752653027430 + 8549083172438480532 cannot be represented in
type 'int64_t' (aka 'long')
- Kacper
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
