* [FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet().
@ 2023-11-22 22:20 Dale Curtis
2023-11-24 23:38 ` Michael Niedermayer
0 siblings, 1 reply; 4+ messages in thread
From: Dale Curtis @ 2023-11-22 22:20 UTC (permalink / raw)
To: FFmpeg development discussions and patches
[-- Attachment #1: Type: text/plain, Size: 936 bytes --]
Fixes https://crbug.com/1499669:
runtime error: signed integer overflow: 9223372036853334272 + 1375731456
cannot be represented in type 'int64_t' (aka 'long')
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 93f202d204..425ddc6849 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -9023,7 +9023,7 @@ static int mov_read_packet(AVFormatContext *s,
AVPacket *pkt)
pkt->flags |= AV_PKT_FLAG_DISCARD;
}
if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
- pkt->pts = pkt->dts + sc->dts_shift +
sc->ctts_data[sc->ctts_index].duration;
+ pkt->pts = av_sat_add64(pkt->dts, av_sat_add64(sc->dts_shift,
sc->ctts_data[sc->ctts_index].duration));
/* update ctts context */
sc->ctts_sample++;
if (sc->ctts_index < sc->ctts_count &&
--
[-- Attachment #2: 0001-Fix-integer-overflow-in-mov_read_packet.patch --]
[-- Type: application/octet-stream, Size: 1184 bytes --]
[-- Attachment #3: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet().
2023-11-22 22:20 [FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet() Dale Curtis
@ 2023-11-24 23:38 ` Michael Niedermayer
2023-12-01 18:52 ` Dale Curtis
0 siblings, 1 reply; 4+ messages in thread
From: Michael Niedermayer @ 2023-11-24 23:38 UTC (permalink / raw)
To: FFmpeg development discussions and patches
[-- Attachment #1.1: Type: text/plain, Size: 1518 bytes --]
On Wed, Nov 22, 2023 at 02:20:59PM -0800, Dale Curtis wrote:
> Fixes https://crbug.com/1499669:
> runtime error: signed integer overflow: 9223372036853334272 + 1375731456
this looks a bit close to AV_NOPTS_VALUE but its not actually that close
> cannot be represented in type 'int64_t' (aka 'long')
>
> Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
> ---
> libavformat/mov.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 93f202d204..425ddc6849 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -9023,7 +9023,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
> pkt->flags |= AV_PKT_FLAG_DISCARD;
> }
> if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
> - pkt->pts = pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_index].duration;
> + pkt->pts = av_sat_add64(pkt->dts, av_sat_add64(sc->dts_shift, sc->ctts_data[sc->ctts_index].duration));
> /* update ctts context */
> sc->ctts_sample++;
> if (sc->ctts_index < sc->ctts_count &&
This is probably ok
alternatively pts could be set to AV_NOPTS_VALUE if its unrepresentable
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet().
2023-11-24 23:38 ` Michael Niedermayer
@ 2023-12-01 18:52 ` Dale Curtis
2023-12-01 23:24 ` Michael Niedermayer
0 siblings, 1 reply; 4+ messages in thread
From: Dale Curtis @ 2023-12-01 18:52 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Fri, Nov 24, 2023 at 3:38 PM Michael Niedermayer <michael@niedermayer.cc>
wrote:
> On Wed, Nov 22, 2023 at 02:20:59PM -0800, Dale Curtis wrote:
> > Fixes https://crbug.com/1499669:
>
> > runtime error: signed integer overflow: 9223372036853334272 + 1375731456
>
> this looks a bit close to AV_NOPTS_VALUE but its not actually that close
>
Yes I originally thought the same thing!
>
>
> > cannot be represented in type 'int64_t' (aka 'long')
> >
> > Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
> > ---
> > libavformat/mov.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > index 93f202d204..425ddc6849 100644
> > --- a/libavformat/mov.c
> > +++ b/libavformat/mov.c
> > @@ -9023,7 +9023,7 @@ static int mov_read_packet(AVFormatContext *s,
> AVPacket *pkt)
> > pkt->flags |= AV_PKT_FLAG_DISCARD;
> > }
> > if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
> > - pkt->pts = pkt->dts + sc->dts_shift +
> sc->ctts_data[sc->ctts_index].duration;
> > + pkt->pts = av_sat_add64(pkt->dts, av_sat_add64(sc->dts_shift,
> sc->ctts_data[sc->ctts_index].duration));
> > /* update ctts context */
> > sc->ctts_sample++;
> > if (sc->ctts_index < sc->ctts_count &&
>
> This is probably ok
> alternatively pts could be set to AV_NOPTS_VALUE if its unrepresentable
>
I defer to you. Either is fine with me. Let me know if you'd like me to
change it.
>
> thx
>
> [...]
>
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Many things microsoft did are stupid, but not doing something just because
> microsoft did it is even more stupid. If everything ms did were stupid they
> would be bankrupt already.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet().
2023-12-01 18:52 ` Dale Curtis
@ 2023-12-01 23:24 ` Michael Niedermayer
0 siblings, 0 replies; 4+ messages in thread
From: Michael Niedermayer @ 2023-12-01 23:24 UTC (permalink / raw)
To: FFmpeg development discussions and patches
[-- Attachment #1.1: Type: text/plain, Size: 1901 bytes --]
On Fri, Dec 01, 2023 at 10:52:21AM -0800, Dale Curtis wrote:
> On Fri, Nov 24, 2023 at 3:38 PM Michael Niedermayer <michael@niedermayer.cc>
> wrote:
>
> > On Wed, Nov 22, 2023 at 02:20:59PM -0800, Dale Curtis wrote:
> > > Fixes https://crbug.com/1499669:
> >
> > > runtime error: signed integer overflow: 9223372036853334272 + 1375731456
> >
> > this looks a bit close to AV_NOPTS_VALUE but its not actually that close
> >
>
> Yes I originally thought the same thing!
>
>
> >
> >
> > > cannot be represented in type 'int64_t' (aka 'long')
> > >
> > > Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
> > > ---
> > > libavformat/mov.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > > index 93f202d204..425ddc6849 100644
> > > --- a/libavformat/mov.c
> > > +++ b/libavformat/mov.c
> > > @@ -9023,7 +9023,7 @@ static int mov_read_packet(AVFormatContext *s,
> > AVPacket *pkt)
> > > pkt->flags |= AV_PKT_FLAG_DISCARD;
> > > }
> > > if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
> > > - pkt->pts = pkt->dts + sc->dts_shift +
> > sc->ctts_data[sc->ctts_index].duration;
> > > + pkt->pts = av_sat_add64(pkt->dts, av_sat_add64(sc->dts_shift,
> > sc->ctts_data[sc->ctts_index].duration));
> > > /* update ctts context */
> > > sc->ctts_sample++;
> > > if (sc->ctts_index < sc->ctts_count &&
> >
> > This is probably ok
> > alternatively pts could be set to AV_NOPTS_VALUE if its unrepresentable
> >
>
> I defer to you. Either is fine with me. Let me know if you'd like me to
> change it.
ill apply the original patch
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Opposition brings concord. Out of discord comes the fairest harmony.
-- Heraclitus
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-12-01 23:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-22 22:20 [FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet() Dale Curtis
2023-11-24 23:38 ` Michael Niedermayer
2023-12-01 18:52 ` Dale Curtis
2023-12-01 23:24 ` Michael Niedermayer
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git