har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/avidec: Fix integer overflow in cum_len check

Browse Source 
Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long'
Fixes: Chromium bug 791237

Reported-by: Matt Wolenetz <wolenetz@google.com>
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06e092e7819b9437da32925200e7c369f93d82e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2018-03-08 22:40:50 +01:00
parent adfbb5112d
commit 35194c4e02
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/avidec.c
View File

@ -674,7 +674,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
st->start_time = 0; st->start_time = 0;
avio_rl32(pb); /* buffer size */ avio_rl32(pb); /* buffer size */
avio_rl32(pb); /* quality */ avio_rl32(pb); /* quality */
if (ast->cum_len*ast->scale/ast->rate > 3600) { if (ast->cum_len > 3600LL * ast->rate / ast->scale) {
av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n"); av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n");
ast->cum_len = 0; ast->cum_len = 0;
} }