Re: [FFmpeg-devel] [PATCH 4/4] avcodec/dirac_parser: Fix overflow in dts

Fri, 12 Jul 2019 10:51:52 -0700 

On Thu, Jul 11, 2019 at 08:58:50PM -0300, James Almer wrote:
> On 7/11/2019 6:49 PM, Michael Niedermayer wrote:
> > Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in 
> > type 'int'
> > Fixes: 
> > 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> >  libavcodec/dirac_parser.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
> > index 1ade44a438..8722ef17b7 100644
> > --- a/libavcodec/dirac_parser.c
> > +++ b/libavcodec/dirac_parser.c
> > @@ -214,7 +214,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, 
> > AVCodecContext *avctx,
> >                                pc->index - 13 - pu1.prev_pu_offset;
> >              int pts = AV_RB32(cur_pu + 13);
> >              if (s->last_pts == 0 && s->last_dts == 0)
> > -                s->dts = pts - 1;
> > +                s->dts = pts - 1LL;
> 
> Unless that AV_RB32() value can be negative in valid bitstreams, just
> make pts int64_t instead. That's the type for both pts and dts in
> AVCodecParserContext.

ill try and will change to that if i spot nothing breaking but libdirac 1.0.2
seems to use plain int for this so on most platforms that would not result
in positive numbers once the highest bit is set ...
I cant find a clear statment in the spec about this but my feeling is
that unsigened was the intent
i suspect this question doesnt affect real world content

anyone knows if dirac is still maintained somewhere ? 
(if so ill report this minor issue there if it appears to affect the curent 
 source still ...)

Thanks


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to