[FFmpeg-cvslog] avfilter/avf_concat: check for possible integer overflow

Paul B Mahol git at videolan.org
Mon Sep 14 19:23:07 EEST 2020


ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Sun Sep 13 13:33:49 2020 +0200| [05c8d0bce64888c5312822fbc9cdb63934b86519] | committer: Paul B Mahol

avfilter/avf_concat: check for possible integer overflow

Also check that segment delta pts is always bigger than input pts.

There is nothing much currently that can be done to recover from
this situation so just return AVERROR_INVALIDDATA error code.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05c8d0bce64888c5312822fbc9cdb63934b86519
---

 libavfilter/avf_concat.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavfilter/avf_concat.c b/libavfilter/avf_concat.c
index 5608ed9ac6..df6414704d 100644
--- a/libavfilter/avf_concat.c
+++ b/libavfilter/avf_concat.c
@@ -251,6 +251,10 @@ static int send_silence(AVFilterContext *ctx, unsigned in_no, unsigned out_no,
 
     if (!rate_tb.den)
         return AVERROR_BUG;
+    if (cat->in[in_no].pts < INT64_MIN + seg_delta)
+        return AVERROR_INVALIDDATA;
+    if (seg_delta < cat->in[in_no].pts)
+        return AVERROR_INVALIDDATA;
     nb_samples = av_rescale_q(seg_delta - cat->in[in_no].pts,
                               outlink->time_base, rate_tb);
     frame_nb_samples = FFMAX(9600, rate_tb.den / 5); /* arbitrary */



More information about the ffmpeg-cvslog mailing list