[FFmpeg-devel] [PATCH 3/5] af_hdcd: fix possible integer overflow

Michael Niedermayer michael at niedermayer.cc
Wed Sep 7 01:00:00 EEST 2016


On Mon, Sep 05, 2016 at 06:18:43AM -0500, Burt P wrote:
> Signed-off-by: Burt P <pburt0 at gmail.com>
> ---
>  libavfilter/af_hdcd.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/libavfilter/af_hdcd.c b/libavfilter/af_hdcd.c
> index c8bda82..c249589 100644
> --- a/libavfilter/af_hdcd.c
> +++ b/libavfilter/af_hdcd.c
> @@ -1004,16 +1004,15 @@ AVFILTER_DEFINE_CLASS(hdcd);
>  static void hdcd_reset(hdcd_state *state, unsigned rate, unsigned cdt_ms)
>  {
>      int i;
> +    uint64_t sustain_reset = cdt_ms * rate / 1000;

this can still overflow
cdt_ms and rate are 32bit their product is 32bit divided by 1000
its around 22 bit, the 64bit is too late


>  
>      state->window = 0;
>      state->readahead = 32;
>      state->arg = 0;
>      state->control = 0;
> -
>      state->running_gain = 0;
> -
> +    state->sustain_reset = sustain_reset;
>      state->sustain = 0;
> -    state->sustain_reset = cdt_ms*rate/1000;

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160907/6f64df79/attachment.sig>


More information about the ffmpeg-devel mailing list