When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of e2_pts - e1_pts will overflow an int64_t. So instead check for overflow and default to |time_tolerance| if the value is too large for an int64_t.
Signed-off-by: Dale Curtis <dalecur...@chromium.org>
From 412751f4747faf34e3dba088dc55290783eb6bd5 Mon Sep 17 00:00:00 2001 From: Dale Curtis <dalecur...@chromium.org> Date: Tue, 28 Jan 2020 16:49:14 -0800 Subject: [PATCH] Fix undefined behavior in ff_configure_buffers_for_index() When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of e2_pts - e1_pts will overflow an int64_t. So instead check for overflow and default to |time_tolerance| if the value is too large for an int64_t. Signed-off-by: Dale Curtis <dalecur...@chromium.org> --- libavformat/utils.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index e22ca7cab8..d6197358c9 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2135,7 +2135,13 @@ void ff_configure_buffers_for_index(AVFormatContext *s, int64_t time_tolerance) for (; i2 < st2->nb_index_entries; i2++) { AVIndexEntry *e2 = &st2->index_entries[i2]; int64_t e2_pts = av_rescale_q(e2->timestamp, st2->time_base, AV_TIME_BASE_Q); - if (e2_pts - e1_pts < time_tolerance) + int64_t delta = e1_pts < 1 ? INT64_MAX + e1_pts >= e2_pts + ? e2_pts - e1_pts + : time_tolerance + : INT64_MIN + e1_pts <= e2_pts + ? e2_pts - e1_pts + : time_tolerance; + if (delta < time_tolerance) continue; pos_delta = FFMAX(pos_delta, e1->pos - e2->pos); break; -- 2.25.0.341.g760bfbb309-goog
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".