[FFmpeg-devel] [PATCH 9/9] avformat/mov: Use int64_t in intermediate for corrected_dts
Kacper Michajlow
kasper93 at gmail.com
Thu Aug 15 03:59:05 EEST 2024
On Mon, 3 Jun 2024 at 04:16, Michael Niedermayer <michael at niedermayer.cc> wrote:
>
> Fixes: CID1500312 Unintentional integer overflow
>
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/mov.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index d15b7b70c50..93643304212 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -3386,7 +3386,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> sc->stts_data[i].duration = 1;
> corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
> } else {
> - corrected_dts += sample_duration * sample_count;
> + corrected_dts += sample_duration * (int64_t)sample_count;
> }
>
> current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
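Review bot: the widened product on the `+` line is still folded into the total with a plain `corrected_dts +=`, and nothing in this hunk bounds that running sum, so the accumulation itself can leave the int64_t range as the loop over `i` proceeds. The cast only fixes the width of the multiplication. The same unchecked accumulation is present in the `delta_magnitude` branch just above and in `current_dts += sc->stts_data[i].duration * (int64_t)sample_count;` below. Suggest testing the remaining headroom before each addition (compare the product against `INT64_MAX - corrected_dts`, with the `INT64_MIN` counterpart for negative terms) and rejecting the table when the term does not fit.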
> --
> 2.45.1
This is not enough to guard the overflow, the addition can still overflow.
mov.c:3500:27: runtime error: signed integer overflow:
3206437752653027430 + 8549083172438480532 cannot be represented in
type 'int64_t' (aka 'long')
- Kacper
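The remaining overflow reported in the reply above, shown as an added example that is not part of the original thread and is not FFmpeg code: a checked accumulation that rejects both a product and a running sum that leave `int64_t`. The names `accumulate_dts`, `total_dts` and `struct stts_entry`, and the entry layout, are hypothetical; the overflow builtins are GCC/Clang extensions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one time-to-sample entry (assumed layout). */
struct stts_entry { uint32_t count; uint32_t duration; };

/* Add duration * count to *dts. Returns 0 on success, -1 if either the
 * product or the running sum does not fit in int64_t (*dts is unchanged). */
static int accumulate_dts(int64_t *dts, int64_t duration, int64_t count)
{
    int64_t product, sum;

    if (__builtin_mul_overflow(duration, count, &product))
        return -1;                    /* the multiplication overflows */
    if (__builtin_add_overflow(*dts, product, &sum))
        return -1;                    /* the accumulation overflows */
    *dts = sum;
    return 0;
}

/* Walk a whole table; stop at the first entry that would overflow. */
static int total_dts(const struct stts_entry *e, size_t n,
                     int64_t start, int64_t *out)
{
    int64_t dts = start;

    for (size_t i = 0; i < n; i++)
        if (accumulate_dts(&dts, e[i].duration, e[i].count) < 0)
            return -1;
    *out = dts;
    return 0;
}

int main(void)
{
    /* Operands taken from the sanitizer report quoted in the reply. */
    int64_t dts = 3206437752653027430LL;
    int rc = accumulate_dts(&dts, 8549083172438480532LL, 1);

    printf("rc=%d dts=%lld\n", rc, (long long)dts);
    return 0;
}
```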