[FFmpeg-cvslog] mpegvideo_parser: avoid signed overflow in bitrate calculation
Anton Khirnov
git at videolan.org
Sat Apr 29 14:50:41 EEST 2017
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Sat Dec 17 15:07:51 2016 +0100| [58405de0951a843765625159402870c1eea3c3b1] | committer: Anton Khirnov
mpegvideo_parser: avoid signed overflow in bitrate calculation
CC: libav-stable at libav.org
Bug-Id: 981
Found-By: Agostino Sarubbo
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58405de0951a843765625159402870c1eea3c3b1
---
libavcodec/mpegvideo_parser.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/libavcodec/mpegvideo_parser.c b/libavcodec/mpegvideo_parser.c
index 27f2985509..500d1240ef 100644
--- a/libavcodec/mpegvideo_parser.c
+++ b/libavcodec/mpegvideo_parser.c
@@ -97,7 +97,14 @@ static void mpegvideo_extract_headers(AVCodecParserContext *s,
pc->width |=(horiz_size_ext << 12);
pc->height |=( vert_size_ext << 12);
- avctx->bit_rate += (bit_rate_ext << 18) * 400;
+
+ bit_rate_ext <<= 18;
+ if (bit_rate_ext < INT_MAX / 400 &&
+ bit_rate_ext * 400 < INT_MAX - avctx->bit_rate) {
+ avctx->bit_rate += bit_rate_ext * 400;
+ } else
+ avctx->bit_rate = 0;
+
if(did_set_size)
ff_set_dimensions(avctx, pc->width, pc->height);
avctx->framerate.num = pc->frame_rate.num * (frame_rate_ext_n + 1) * 2;
More information about the ffmpeg-cvslog
mailing list