On Mon, 3 Jun 2024 at 04:16, Michael Niedermayer <mich...@niedermayer.cc> wrote:
>
> Fixes: CID1500312 Unintentional integer overflow
>
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
>  libavformat/mov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index d15b7b70c50..93643304212 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -3386,7 +3386,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext 
> *pb, MOVAtom atom)
>              sc->stts_data[i].duration = 1;
>              corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude 
> : 1) * sample_count;
>          } else {
> -            corrected_dts += sample_duration * sample_count;
> +            corrected_dts += sample_duration * (int64_t)sample_count;
>          }
>
>          current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
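Review bot: the `corrected_dts +=` on the changed line still accumulates without a range check. The `(int64_t)` cast only makes the product 64-bit, so the running sum across `stts_data[i]` entries can still exceed INT64_MAX for large `sample_duration` and `sample_count` values read from the file. Suggest checking the product against the remaining headroom (`INT64_MAX - corrected_dts`, with the mirrored check for negative values) before adding, and rejecting the atom when it does not fit. The same unchecked accumulation appears in the `delta_magnitude` branch above and in `current_dts +=` in the trailing context line, so one shared checked-add would cover all three.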
> --
> 2.45.1

This is not enough to guard the overflow; the addition can still overflow.

mov.c:3500:27: runtime error: signed integer overflow:
3206437752653027430 + 8549083172438480532 cannot be represented in
type 'int64_t' (aka 'long')

- Kacper
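
The remaining failure mode reported in the reply above, as an added example that is not part of the original message or of FFmpeg's code: a checked multiply-then-accumulate that rejects both the product overflow and the sum overflow. The helper names are hypothetical, and the GCC/Clang overflow builtins are an assumption about the toolchain.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not an FFmpeg function): adds duration * count to *acc.
 * Returns 0 on success, -1 if the product or the sum does not fit in int64_t.
 * *acc is left unchanged on failure. */
static int accumulate_dts(int64_t *acc, int64_t duration, int64_t count)
{
    int64_t product, sum;

    /* Step 1: the multiplication, which the cast in the patch widens to 64 bits. */
    if (__builtin_mul_overflow(duration, count, &product))
        return -1;
    /* Step 2: the accumulation, which the sanitizer report shows overflowing. */
    if (__builtin_add_overflow(*acc, product, &sum))
        return -1;
    *acc = sum;
    return 0;
}

/* Portable form of step 2 for compilers without the builtins. */
static int add_would_overflow(int64_t a, int64_t b)
{
    return (b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b);
}

int main(void)
{
    /* Operands taken from the sanitizer report quoted above. */
    int64_t acc   = INT64_C(3206437752653027430);
    int64_t addend = INT64_C(8549083172438480532);

    /* Constructed split: the addend is passed as duration with count 1. */
    int portable = add_would_overflow(acc, addend);
    int rc = accumulate_dts(&acc, addend, 1);

    printf("rc=%d portable_check=%d acc=%lld\n", rc, portable, (long long)acc);
    return 0;
}
```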