From: Kieran Kunhya via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Kieran Kunhya <kieran618@googlemail.com>
Subject: Re: [FFmpeg-devel] [PATCH] avutil/timecode: Check for integer overflow in av_timecode_init_from_components() (PR #20236)
Date: Thu, 14 Aug 2025 04:14:58 -1000
Message-ID: <CABGuwE=spq3vbyo9VJNNtYR9vjqy4K8p12W8dU0xmjXanu3+fQ@mail.gmail.com> (raw)
In-Reply-To: <20250814100755.GP29660@pb2>
On Thu, 14 Aug 2025, 00:08 Michael Niedermayer, <michael@niedermayer.cc>
wrote:
> On Wed, Aug 13, 2025 at 03:36:43PM -1000, Kieran Kunhya via ffmpeg-devel
> wrote:
> > On Wed, 13 Aug 2025, 14:25 michaelni, <code@ffmpeg.org> wrote:
> >
> > > PR #20236 opened by michaelni
> > > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20236
> > > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20236.patch
> > >
> > > Fixes: integer overflow
> > > Fixes: testcase that calls av_timecode_init_from_components() with hh
> set
> > > explicitly to INT_MAX
> > >
> > > Found-by: Youngjae Choi, Mingyoung Ban, Seunghoon Woo
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > >
> > >
> > > From 0762e660ff8fb8c2f4c3d46a6a6c821bd69633e6 Mon Sep 17 00:00:00 2001
> > > From: Michael Niedermayer <michael@niedermayer.cc>
> > > Date: Thu, 14 Aug 2025 02:12:26 +0200
> > > Subject: [PATCH] avutil/timecode: Check for integer overflow in
> > > av_timecode_init_from_components()
> > >
> > > Fixes: integer overflow
> > > Fixes: testcase that calls av_timecode_init_from_components() with hh
> set
> > > explicitly to INT_MAX
> > >
> > > Found-by: Youngjae Choi, Mingyoung Ban, Seunghoon Woo
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > ---
> > > libavutil/timecode.c | 11 ++++++++++-
> > > 1 file changed, 10 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/libavutil/timecode.c b/libavutil/timecode.c
> > > index bca16b6ac2..052c488071 100644
> > > --- a/libavutil/timecode.c
> > > +++ b/libavutil/timecode.c
> > > @@ -211,6 +211,7 @@ int av_timecode_init(AVTimecode *tc, AVRational
> rate,
> > > int flags, int frame_start
> > > int av_timecode_init_from_components(AVTimecode *tc, AVRational rate,
> int
> > > flags, int hh, int mm, int ss, int ff, void *log_ctx)
> > > {
> > > int ret;
> > > + int64_t s;
> > >
> > > memset(tc, 0, sizeof(*tc));
> > > tc->flags = flags;
> > > @@ -221,7 +222,15 @@ int av_timecode_init_from_components(AVTimecode
> *tc,
> > > AVRational rate, int flags,
> > > if (ret < 0)
> > > return ret;
> > >
> > > - tc->start = (hh*3600 + mm*60 + ss) * tc->fps + ff;
> > > + s = hh*3600LL + mm*60LL + ss;
> > > + if (s != (int32_t)s)
> > > + return AVERROR(EINVAL);
> > > +
> > > + s = s * tc->fps + ff;
> > > + if (s != (int32_t)s)
> > > + return AVERROR(EINVAL);
> > > + tc->start = s;
> > > +
> > > if (tc->flags & AV_TIMECODE_FLAG_DROPFRAME) { /* adjust frame
> number
> > > */
> > > int tmins = 60*hh + mm;
> > > tc->start -= (tc->fps / 30 * 2) * (tmins - tmins/10);
> > > --
> > > 2.49.1
> > >
> >
> > What is the actual security benefit of this?
>
> in reality, probably none
> in theory, it fixes undefined behavior for a range of values that is
> not forbidden by the API
>
>
> > If someone chooses INT_MAX as
> > their timecode value, surely they have to expect it overflows?
>
> this was reported to us as a security issue
> there also was a seperate one with tc=NULL crashing. But that
> violated the API, so it didnt make it to forgejo
>
> thx
>
> [...]
> --
>
I don't think we should partake in this "security vulnerability farming"
exercise. This isn't a security issue and it spams the code with integer
overflow checks to fix a theoretical issue.
Kieran
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2025-08-14 14:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250814002549.6431A68CFFE@ffbox0-bg.ffmpeg.org>
2025-08-14 1:36 ` Kieran Kunhya via ffmpeg-devel
2025-08-14 10:07 ` Michael Niedermayer
2025-08-14 14:14 ` Kieran Kunhya via ffmpeg-devel [this message]
2025-08-14 14:18 ` Nicolas George
2025-08-14 16:44 ` Michael Niedermayer
2025-08-14 0:25 michaelni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABGuwE=spq3vbyo9VJNNtYR9vjqy4K8p12W8dU0xmjXanu3+fQ@mail.gmail.com' \
--to=ffmpeg-devel@ffmpeg.org \
--cc=kieran618@googlemail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git