[FFmpeg-devel] [PATCH 5/7] avformat/mxfdec: More offset_temp checks
Michael Niedermayer
michael at niedermayer.cc
Thu Sep 19 01:31:58 EEST 2024
On Mon, Sep 16, 2024 at 09:59:11AM +0200, Tomas Härdin wrote:
> sön 2024-09-15 klockan 22:28 +0200 skrev Tomas Härdin:
> > fre 2024-09-13 klockan 01:33 +0200 skrev Michael Niedermayer:
> > > Fixes: signed integer overflow: 9223372036854775807 - -
> > > 1927491430256034080 cannot be represented in type 'long'
> > > Fixes: 70607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-
> > > 5282235077951488
> > >
> > > Found-by: continuous fuzzing process
> > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > ---
> > > libavformat/mxfdec.c | 5 +++++
> > > 1 file changed, 5 insertions(+)
> > >
> > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > > index 8eae9f87afa..41281c5196d 100644
> > > --- a/libavformat/mxfdec.c
> > > +++ b/libavformat/mxfdec.c
> > > @@ -1924,6 +1924,11 @@ static int
> > > mxf_edit_unit_absolute_offset(MXFContext *mxf, MXFIndexTable
> > > *index_t
> > > return mxf_absolute_bodysid_offset(mxf, index_table-
> > > > body_sid, offset_temp, offset_out, partition_out);
> > > } else {
> > > /* EditUnitByteCount == 0 for VBR indexes, which is
> > > fine
> > > since they use explicit StreamOffsets */
> > > + if (s->edit_unit_byte_count && s->index_duration >
> > > INT64_MAX / s->edit_unit_byte_count ||
> > > + s->edit_unit_byte_count * s->index_duration >
> > > INT64_MAX - offset_temp
> > > + )
> > > + return AVERROR_INVALIDDATA;
> >
> > Actually there's one minor issue: kdevelop warns about lack of
> > parenthesis around the && and ||
>
> It seems where the () are makes little difference, but I'm guessing we
> want them around the || terms simply because that saves a few cycles
will apply with it around the ||
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If the United States is serious about tackling the national security threats
related to an insecure 5G network, it needs to rethink the extent to which it
values corporate profits and government espionage over security.-Bruce Schneier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240919/97f7e99e/attachment.sig>
More information about the ffmpeg-devel
mailing list