[FFmpeg-devel] Fix undefined behavior in ff_configure_buffers_for_index()

Michael Niedermayer michaelni at gmx.at
Tue Feb 11 22:25:04 EET 2020


On Mon, Feb 10, 2020 at 04:20:56PM -0800, Dale Curtis wrote:
> On Thu, Feb 6, 2020 at 3:38 PM Michael Niedermayer <michaelni at gmx.at> wrote:
> 
> > On Thu, Jan 30, 2020 at 11:23:07AM -0800, Dale Curtis wrote:
> > > On Wed, Jan 29, 2020 at 10:23 PM Michael Niedermayer
> > <michael at niedermayer.cc>
> > > wrote:
> > >
> > > > so I think it works but maybe I've missed something, for which values
> > > > of e2_pts do you see a problem with e1_pts = INT64_MIN?
> > > >
> > >
> > > For e1_pts = INT64_MIN and e2_pts >= 0 you end up with a negative int64_t
> > > result for e2_pts - (uint64_t)e1_pts, so it's always < time_tolerance. If
> > > that's what you intended, then sgtm.
> >
> > that's what the code would do if the elements were large enough to not
> > overflow
> > so that seems to match what's intended.
> >
> > Do you see some issue here?
> >
> 
> Whoops, sorry, I just realized my previous comment was rejected from the
> list since I used the wrong e-mail address. My previous statement was
> incorrect. The code you proposed correctly promotes a uint64_t and not an
> int64_t when used in a conditional. Here's what I wrote that got lost:
> "Actually, this was a test construction error on my part. In a conditional
> this does evaluate to a uint64_t vs int64_t, so the comparison is valid.
> I've attached your recommended patch. Thanks for your patience."
> 
> - dale

>  utils.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 1a4608774ffd8058ff9e6f62845c51c91ccd84e0  ubfix_v2.patch
> From c50d0a347fc779c71c07757d9cad8a7d56eb857b Mon Sep 17 00:00:00 2001
> From: Dale Curtis <dalecurtis at chromium.org>
> Date: Tue, 28 Jan 2020 16:49:14 -0800
> Subject: [PATCH] Fix undefined behavior in ff_configure_buffers_for_index()
> 
> When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of
> e2_pts - e1_pts will overflow an int64_t.
> 
> Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
> ---
>  libavformat/utils.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

will apply

thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Take away the freedom of one citizen and you will be jailed, take away
the freedom of all citizens and you will be congratulated by your peers
in Parliament.
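
The following C example is added here to illustrate the thread; it is not part of the original message and is not FFmpeg's code. It contrasts the signed subtraction that overflows with the `e2_pts - (uint64_t)e1_pts` form discussed above. The helper names, the sample values, the non-negative `time_tolerance` and the signed-temporary test shape are assumptions (the thread does not show the original test), and `__builtin_sub_overflow` is a GCC/Clang builtin.

```c
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if the plain signed e2_pts - e1_pts does not fit in int64_t.
 * The builtin reports the overflow without executing the undefined
 * operation. */
static int naive_would_overflow(int64_t e1_pts, int64_t e2_pts)
{
    int64_t unused;
    return __builtin_sub_overflow(e2_pts, e1_pts, &unused);
}

/* Casting one operand to uint64_t makes the usual arithmetic conversions
 * turn the other operand unsigned too, so the subtraction wraps modulo
 * 2^64 (defined behaviour) instead of overflowing. */
static uint64_t pts_gap(int64_t e1_pts, int64_t e2_pts)
{
    return e2_pts - (uint64_t)e1_pts;
}

/* Used directly in a conditional the gap stays uint64_t, so the comparison
 * is unsigned. Assumes time_tolerance >= 0. */
static int within_tolerance(int64_t e1_pts, int64_t e2_pts, int64_t time_tolerance)
{
    return e2_pts - (uint64_t)e1_pts < (uint64_t)time_tolerance;
}

/* One way a test of the expression can mislead (assumed shape): storing the
 * gap in an int64_t first turns values >= 2^63 negative (implementation-
 * defined before C23, two's complement wrap on common compilers), so the
 * check then always passes. */
static int within_tolerance_signed_temp(int64_t e1_pts, int64_t e2_pts, int64_t time_tolerance)
{
    int64_t gap = (int64_t)(e2_pts - (uint64_t)e1_pts);
    return gap < time_tolerance;
}

int main(void)
{
    const int64_t tol = 1000000; /* constructed sample tolerance */
    printf("naive overflow, e1=1 e2=INT64_MIN: %d\n", naive_would_overflow(1, INT64_MIN));
    printf("naive overflow, e1=INT64_MIN e2=0: %d\n", naive_would_overflow(INT64_MIN, 0));
    printf("unsigned gap,   e1=INT64_MIN e2=0: %llu\n",
           (unsigned long long)pts_gap(INT64_MIN, 0));
    printf("in conditional: %d, via signed temporary: %d\n",
           within_tolerance(INT64_MIN, 0, tol),
           within_tolerance_signed_temp(INT64_MIN, 0, tol));
    return 0;
}
```

Building the original signed form with `-fsanitize=signed-integer-overflow` is how this class of bug is normally surfaced in fuzzing and CI runs.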