[FFmpeg-cvslog] avformat/asfenc: Check pts
Michael Niedermayer
git at videolan.org
Fri Jan 15 16:37:58 CET 2016
ffmpeg | branch: release/2.7 | Michael Niedermayer <michael at niedermayer.cc> | Tue Jan 12 18:49:20 2016 +0100| [f1cdd93517c8c7f2ed5956962c7e41528c063b1e] | committer: Michael Niedermayer
avformat/asfenc: Check pts
Fixes integer overflow
Fixes: 0063df8be3aaa30dd6d76f59c8f818c8/signal_sigsegv_7b7b59_3634_bf418b6822bbfa68734411d96b667be3.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7c0b84d89911b2035161f5ef51aafbfcc84aa9e2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1cdd93517c8c7f2ed5956962c7e41528c063b1e
---
libavformat/asfenc.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c
index 015c731..6b4e794 100644
--- a/libavformat/asfenc.c
+++ b/libavformat/asfenc.c
@@ -927,6 +927,11 @@ static int asf_write_packet(AVFormatContext *s, AVPacket *pkt)
pts = (pkt->pts != AV_NOPTS_VALUE) ? pkt->pts : pkt->dts;
av_assert0(pts != AV_NOPTS_VALUE);
+ if ( pts < - PREROLL_TIME
+ || pts > (INT_MAX-3)/10000LL * ASF_INDEXED_INTERVAL - PREROLL_TIME) {
+ av_log(s, AV_LOG_ERROR, "input pts %"PRId64" is invalid\n", pts);
+ return AVERROR(EINVAL);
+ }
pts *= 10000;
asf->duration = FFMAX(asf->duration, pts + pkt->duration * 10000);
More information about the ffmpeg-cvslog
mailing list