On Tue, Oct 13, 2015 at 1:49 PM, Michael Niedermayer <mich...@niedermayer.cc> wrote:
> On Tue, Oct 13, 2015 at 12:26:24PM -0400, Ganesh Ajjanagadde wrote:
>> Partially fixes Ticket 4727.
>>
>> -duration is not a safe expression, since duration can be INT_MIN.
>> One might ask how it can become INT_MIN.
>> Although it is true that line 2574 is no longer reached with INT_MIN due
>> to commit 053e80f6eaf8d87521fe58ea96886b6ee0bbe59d (which fixed another
>> integer overflow issue), mov_update_dts_shift is called on line 3549 as
>> well, right after a read of untrusted data.
>> One can do the fix locally there, but that function is already a huge
>> mess. Changing mov_update_dts_shift is likely better.
>>
>> This changes duration to INT_MIN + 1 in such cases. This should not make any
>> practical difference since such streams are anyway fuzzer files.
>>
>> Tested with FATE.
>>
>> Signed-off-by: Ganesh Ajjanagadde <gajjanaga...@gmail.com>
>> ---
>> libavformat/mov.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>
> LGTM
>
> thx

pushed and updated ticket, thanks.

>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Many things microsoft did are stupid, but not doing something just because
> microsoft did it is even more stupid. If everything ms did were stupid they
> would be bankrupt already.

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
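
The negation hazard described in the quoted commit message, as an added example that is not part of the thread and not FFmpeg's code: a signed 32-bit field is read from untrusted bytes and negated with the INT_MIN guard the message describes. The names `stream_state`, `read_be32s`, `update_dts_shift` and `shift_after` are hypothetical, the sample bytes are constructed, `int` is assumed to be 32 bits, and keeping the largest negated value is an assumption about how the shift is accumulated.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for per-stream state; not FFmpeg's struct. */
struct stream_state { int dts_shift; };

/* Decode a big-endian signed 32-bit field from untrusted bytes without
 * relying on implementation-defined unsigned-to-signed narrowing. */
static int32_t read_be32s(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return v <= INT32_MAX ? (int32_t)v
                          : (int32_t)(v - 0x80000000u) + INT32_MIN;
}

/* -INT_MIN is signed overflow (undefined behaviour), so the single
 * unrepresentable value is moved to INT_MIN + 1 before negating.
 * Assumption: the shift tracks the largest negated duration seen. */
static void update_dts_shift(struct stream_state *sc, int duration)
{
    if (duration >= 0)
        return;
    if (duration == INT_MIN)
        duration = INT_MIN + 1;
    if (-duration > sc->dts_shift)
        sc->dts_shift = -duration;
}

/* Constructed sample fields: -5, INT_MIN (0x80000000), +7. */
static const uint8_t sample[3][4] = {
    {0xFF, 0xFF, 0xFF, 0xFB}, {0x80, 0x00, 0x00, 0x00}, {0x00, 0x00, 0x00, 0x07}
};

/* Feed the first n sample fields through the guarded update. */
static int shift_after(int n)
{
    struct stream_state sc = {0};
    for (int i = 0; i < n && i < 3; i++)
        update_dts_shift(&sc, read_be32s(sample[i]));
    return sc.dts_shift;
}

int main(void)
{
    for (int n = 1; n <= 3; n++)
        printf("after %d field(s): dts_shift = %d\n", n, shift_after(n));
    return 0;
}
```

Building the unguarded variant with `-fsanitize=signed-integer-overflow` (GCC or Clang) makes the INT_MIN negation report at run time, which is a quick way to confirm a guard like this is actually reached by fuzzer input.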