From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 4F21D468F7 for ; Wed, 22 Nov 2023 22:21:27 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6D0AC68CEF7; Thu, 23 Nov 2023 00:21:24 +0200 (EET) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3FA8968C5BA for ; Thu, 23 Nov 2023 00:21:17 +0200 (EET) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-40b35199f94so22665e9.0 for ; Wed, 22 Nov 2023 14:21:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1700691676; x=1701296476; darn=ffmpeg.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=Gwr7gyQ4kko7ehEFXjfW93d2+UYdp2LlNFJp7agtrAk=; b=dyIpnwYICY4DczXMsgugEKNi/+sxnGulQfBMHZt0Bo5zepaxt4iTiJUIJL/fJp3wcs yk9VLC2gDAeCTFb5ENgpQjxwTZ9z0w+LQZiPt53lFRurgkDKwmg1/Ult52UuPHM0GVbk r9DjoIkvrC21GTiFF6bZOSc0nA9xJf6SlpQD8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700691676; x=1701296476; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Gwr7gyQ4kko7ehEFXjfW93d2+UYdp2LlNFJp7agtrAk=; b=Y3qFW/4swBQk7G8xIVDY4NiKIhLpkgY6zBQDhGfTz+nqcnQNikvxdEWBTfTXidWZkF XFm0bJvD0WYJQ1uz+nHe011yU2mud7Qm/62VRl62K4fp2a1FTFI/2eu8Rv48RvFlhP0J NxffuqIoKN7sFo6T9WJy8VoFhp9rnmuQ9JBn82YnKHgSxxQl4UnUOoXnA1KEkCChdEWA jpdSHbBqprSCz7uVey6iNaNN662eEkQ2fL3JktgloGG6IUltxXV2OCT3AeAntAY9Vmw2 lJLd+tBZlaOnCrK4WIpjT9KvaJxBdafm4HiKpRBUKVfazzcUlDDYV4XN0BchQnsLw/YZ /Eaw== X-Gm-Message-State: AOJu0Yx0XoQhLXqiMHXrkPFBxIwUGvg8WktO20Bj/Pnfa2vfHTaqx3bx MawSYgz+Vfa9y2Q/vvZ/HlA7fon8v7TFrZd0V9tWF9ipSIR36RvT0ftMxw== X-Google-Smtp-Source: AGHT+IHxfaqkocHJerVRLhyxC22dmoRp7rIhDv6QtkazxxevqCDZzgB0H8NClaf8NVEQD0XH9e8CvuIJd/nwfzwizmI= X-Received: by 2002:a05:600c:5112:b0:40b:2979:9cc2 with SMTP id o18-20020a05600c511200b0040b29799cc2mr178279wms.1.1700691675489; Wed, 22 Nov 2023 14:21:15 -0800 (PST) MIME-Version: 1.0 From: Dale Curtis Date: Wed, 22 Nov 2023 14:20:59 -0800 Message-ID: To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="00000000000031c8d3060ac523ff" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: [FFmpeg-devel] [PATCH] Fix integer overflow in mov_read_packet(). X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --00000000000031c8d3060ac523ff Content-Type: text/plain; charset="UTF-8" Fixes https://crbug.com/1499669: runtime error: signed integer overflow: 9223372036853334272 + 1375731456 cannot be represented in type 'int64_t' (aka 'long') Signed-off-by: Dale Curtis --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 93f202d204..425ddc6849 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -9023,7 +9023,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt) pkt->flags |= AV_PKT_FLAG_DISCARD; } if (sc->ctts_data && sc->ctts_index < sc->ctts_count) { - pkt->pts = pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_index].duration; + pkt->pts = av_sat_add64(pkt->dts, av_sat_add64(sc->dts_shift, sc->ctts_data[sc->ctts_index].duration)); /* update ctts context */ sc->ctts_sample++; if (sc->ctts_index < sc->ctts_count && -- --00000000000031c8d3060ac523ff Content-Type: application/octet-stream; name="0001-Fix-integer-overflow-in-mov_read_packet.patch" Content-Disposition: attachment; filename="0001-Fix-integer-overflow-in-mov_read_packet.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_lpabwddr0 RnJvbSBhODJmY2UzMjEyZWJmOGJkYjgyYzQ0NjYzZGIyMTUyNjAxYjM3ZDU3IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBEYWxlIEN1cnRpcyA8ZGFsZWN1cnRpc0BjaHJvbWl1bS5vcmc+ CkRhdGU6IFdlZCwgMjIgTm92IDIwMjMgMjI6MTc6MzcgKzAwMDAKU3ViamVjdDogW1BBVENIXSBG aXggaW50ZWdlciBvdmVyZmxvdyBpbiBtb3ZfcmVhZF9wYWNrZXQoKS4KCkZpeGVzIGh0dHBzOi8v Y3JidWcuY29tLzE0OTk2Njk6CnJ1bnRpbWUgZXJyb3I6IHNpZ25lZCBpbnRlZ2VyIG92ZXJmbG93 OiA5MjIzMzcyMDM2ODUzMzM0MjcyICsgMTM3NTczMTQ1NgpjYW5ub3QgYmUgcmVwcmVzZW50ZWQg aW4gdHlwZSAnaW50NjRfdCcgKGFrYSAnbG9uZycpCgpTaWduZWQtb2ZmLWJ5OiBEYWxlIEN1cnRp cyA8ZGFsZWN1cnRpc0BjaHJvbWl1bS5vcmc+Ci0tLQogbGliYXZmb3JtYXQvbW92LmMgfCAyICst CiAxIGZpbGUgY2hhbmdlZCwgMSBpbnNlcnRpb24oKyksIDEgZGVsZXRpb24oLSkKCmRpZmYgLS1n aXQgYS9saWJhdmZvcm1hdC9tb3YuYyBiL2xpYmF2Zm9ybWF0L21vdi5jCmluZGV4IDkzZjIwMmQy MDQuLjQyNWRkYzY4NDkgMTAwNjQ0Ci0tLSBhL2xpYmF2Zm9ybWF0L21vdi5jCisrKyBiL2xpYmF2 Zm9ybWF0L21vdi5jCkBAIC05MDIzLDcgKzkwMjMsNyBAQCBzdGF0aWMgaW50IG1vdl9yZWFkX3Bh Y2tldChBVkZvcm1hdENvbnRleHQgKnMsIEFWUGFja2V0ICpwa3QpCiAgICAgICAgIHBrdC0+Zmxh Z3MgfD0gQVZfUEtUX0ZMQUdfRElTQ0FSRDsKICAgICB9CiAgICAgaWYgKHNjLT5jdHRzX2RhdGEg JiYgc2MtPmN0dHNfaW5kZXggPCBzYy0+Y3R0c19jb3VudCkgewotICAgICAgICBwa3QtPnB0cyA9 IHBrdC0+ZHRzICsgc2MtPmR0c19zaGlmdCArIHNjLT5jdHRzX2RhdGFbc2MtPmN0dHNfaW5kZXhd LmR1cmF0aW9uOworICAgICAgICBwa3QtPnB0cyA9IGF2X3NhdF9hZGQ2NChwa3QtPmR0cywgYXZf c2F0X2FkZDY0KHNjLT5kdHNfc2hpZnQsIHNjLT5jdHRzX2RhdGFbc2MtPmN0dHNfaW5kZXhdLmR1 cmF0aW9uKSk7CiAgICAgICAgIC8qIHVwZGF0ZSBjdHRzIGNvbnRleHQgKi8KICAgICAgICAgc2Mt PmN0dHNfc2FtcGxlKys7CiAgICAgICAgIGlmIChzYy0+Y3R0c19pbmRleCA8IHNjLT5jdHRzX2Nv dW50ICYmCi0tIAoyLjQzLjAucmMxLjQxMy5nZWE3ZWQ2Nzk0NS1nb29nCgo= --00000000000031c8d3060ac523ff Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --00000000000031c8d3060ac523ff--