[FFmpeg-cvslog] avformat/utils: avoid overflow in compute_chapters_end() with huge durations

Michael Niedermayer git at videolan.org
Sun Jun 5 03:16:44 CEST 2016


ffmpeg | branch: release/3.0 | Michael Niedermayer <michael at niedermayer.cc> | Sat May 28 23:51:35 2016 +0200| [7f864badc01f92f5861aa57dc954c07977b2f1f4] | committer: Michael Niedermayer

avformat/utils: avoid overflow in compute_chapters_end()  with huge durations

Fixes: usan_granule_overflow

Found-by: Thomas Guilbert <tguilbert at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit c1ed78a591f68f3c81eded0bfaac313937ffa3b6)

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f864badc01f92f5861aa57dc954c07977b2f1f4
---

 libavformat/utils.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index fe684c3..542ded7 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -2919,7 +2919,7 @@ static void compute_chapters_end(AVFormatContext *s)
     unsigned int i, j;
     int64_t max_time = 0;
 
-    if (s->duration > 0)
+    if (s->duration > 0 && s->start_time < INT64_MAX - s->duration)
         max_time = s->duration +
                        ((s->start_time == AV_NOPTS_VALUE) ? 0 : s->start_time);
 



More information about the ffmpeg-cvslog mailing list