[FFmpeg-devel] [PATCH] Fix signed integer overflows
Carl Eugen Hoyos
ceffmpeg at gmail.com
Fri Aug 18 11:13:01 EEST 2017
2017-08-18 8:14 GMT+02:00 Vitaly Buka <vitalybuka-at-google.com at ffmpeg.org>:
> Signed integer overflow is undefined behavior.
> Detected with clang and -fsanitize=signed-integer-overflow
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -5572,7 +5572,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>
> if (atom.size < 0)
> atom.size = INT64_MAX;
> - while (total_size + 8 <= atom.size && !avio_feof(pb)) {
> + while (total_size <= atom.size - 8 && !avio_feof(pb)) {
Can you provide the sample that produces this overflow?
Carl Eugen
More information about the ffmpeg-devel
mailing list