From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 7C80146FF5
	for <ffmpegdev@gitmailbox.com>; Fri, 24 Nov 2023 23:38:38 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A1FA168CEF7;
	Sat, 25 Nov 2023 01:38:34 +0200 (EET)
Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net
 [217.70.183.198])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9848B68C9D6
 for <ffmpeg-devel@ffmpeg.org>; Sat, 25 Nov 2023 01:38:27 +0200 (EET)
Received: by mail.gandi.net (Postfix) with ESMTPSA id B0121C0004
 for <ffmpeg-devel@ffmpeg.org>; Fri, 24 Nov 2023 23:38:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1700869106;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=oTb1S5wMMDeSlWBFmFRauWehcPAHmosm1aoh0//SHBk=;
 b=a7yKmqqD9IEy5+NQ3DzmRyI3yFk0HD1ZCQODbau2Kk9Ynx/KwwH6HHf2P6/fRSgMU9O7Lt
 BkuRnR0uTAjV8MCe+v6yQzM/pejMXBvCpJGEGnkRY1e4taesQXxzMp89eNjCMr/3OOy9XY
 r2jpvxVjoZ+kr3xSPjNXsIuAjGyi6mPhpM9kDYv5ap1H/ayfL8z18vwOvu3JnMTDcjxwgt
 IC+HSBPGDOUTfy9FLvUfs0KxrG9lyORUvtkwxIiVyE/ftntweBFX8HSrfTUaa/XX7+ky7x
 OnyBq5YcA2OTXVT6MXXwtcSn+NSOWBhnLK9158WPvLGEFg64dcRrYR7nsPYxhg==
Date: Sat, 25 Nov 2023 00:38:25 +0100
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20231124233825.GJ3543730@pb2>
References: <CAPUDrwdvs7vGUv5r8+wkONFjEXfYDy+yzHMrJ5+YmFuajrapzA@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAPUDrwdvs7vGUv5r8+wkONFjEXfYDy+yzHMrJ5+YmFuajrapzA@mail.gmail.com>
X-GND-Sasl: michael@niedermayer.cc
Subject: Re: [FFmpeg-devel] [PATCH] Fix integer overflow in
 mov_read_packet().
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============4413053090720139821=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20231124233825.GJ3543730@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============4413053090720139821==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="ReE0HN0QKQOzjG+V"
Content-Disposition: inline


--ReE0HN0QKQOzjG+V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 22, 2023 at 02:20:59PM -0800, Dale Curtis wrote:
> Fixes https://crbug.com/1499669:

> runtime error: signed integer overflow: 9223372036853334272 + 1375731456

this looks a bit close to AV_NOPTS_VALUE but its not actually that close


> cannot be represented in type 'int64_t' (aka 'long')
>=20
> Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
> ---
>  libavformat/mov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 93f202d204..425ddc6849 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -9023,7 +9023,7 @@ static int mov_read_packet(AVFormatContext *s, AVPa=
cket *pkt)
>          pkt->flags |=3D AV_PKT_FLAG_DISCARD;
>      }
>      if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
> -        pkt->pts =3D pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_i=
ndex].duration;
> +        pkt->pts =3D av_sat_add64(pkt->dts, av_sat_add64(sc->dts_shift, =
sc->ctts_data[sc->ctts_index].duration));
>          /* update ctts context */
>          sc->ctts_sample++;
>          if (sc->ctts_index < sc->ctts_count &&

This is probably ok
alternatively pts could be set to AV_NOPTS_VALUE if its unrepresentable

thx

[...]

--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.

--ReE0HN0QKQOzjG+V
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZWEz7gAKCRBhHseHBAsP
q4ihAJ9ffJKyfJcMWCrA5Hq0uTBMTXiPowCfbacBvnwy70gZhZuATGi5OxpQaao=
=PWOL
-----END PGP SIGNATURE-----

--ReE0HN0QKQOzjG+V--

--===============4413053090720139821==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============4413053090720139821==--