
[FFmpeg-devel,3/5] af_hdcd: fix possible integer overflow

Message ID 1473074325-20959-4-git-send-email-pburt0@gmail.com
State Accepted

Commit Message

Burt P Sept. 5, 2016, 11:18 a.m. UTC
Signed-off-by: Burt P <pburt0@gmail.com>
---
 libavfilter/af_hdcd.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

Comments

Michael Niedermayer Sept. 6, 2016, 10 p.m. UTC | #1
On Mon, Sep 05, 2016 at 06:18:43AM -0500, Burt P wrote:
> Signed-off-by: Burt P <pburt0@gmail.com>
> ---
>  libavfilter/af_hdcd.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/libavfilter/af_hdcd.c b/libavfilter/af_hdcd.c
> index c8bda82..c249589 100644
> --- a/libavfilter/af_hdcd.c
> +++ b/libavfilter/af_hdcd.c
> @@ -1004,16 +1004,15 @@ AVFILTER_DEFINE_CLASS(hdcd);
>  static void hdcd_reset(hdcd_state *state, unsigned rate, unsigned cdt_ms)
>  {
>      int i;
> +    uint64_t sustain_reset = cdt_ms * rate / 1000;

this can still overflow:
cdt_ms and rate are 32-bit, so their product is 32-bit; divided by 1000
it's around 22 bits. The 64-bit widening comes too late.


>  
>      state->window = 0;
>      state->readahead = 32;
>      state->arg = 0;
>      state->control = 0;
> -
>      state->running_gain = 0;
> -
> +    state->sustain_reset = sustain_reset;
>      state->sustain = 0;
> -    state->sustain_reset = cdt_ms*rate/1000;

[...]
Burt P Sept. 7, 2016, 4:03 p.m. UTC | #2
applied

with fix:
    uint64_t sustain_reset = (uint64_t)cdt_ms * rate / 1000;

Thank you, Michael.

Patch

diff --git a/libavfilter/af_hdcd.c b/libavfilter/af_hdcd.c
index c8bda82..c249589 100644
--- a/libavfilter/af_hdcd.c
+++ b/libavfilter/af_hdcd.c
@@ -1004,16 +1004,15 @@  AVFILTER_DEFINE_CLASS(hdcd);
 static void hdcd_reset(hdcd_state *state, unsigned rate, unsigned cdt_ms)
 {
     int i;
+    uint64_t sustain_reset = cdt_ms * rate / 1000;
 
     state->window = 0;
     state->readahead = 32;
     state->arg = 0;
     state->control = 0;
-
     state->running_gain = 0;
-
+    state->sustain_reset = sustain_reset;
     state->sustain = 0;
-    state->sustain_reset = cdt_ms*rate/1000;
 
     state->code_counterA = 0;
     state->code_counterA_almost = 0;
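Review bot: The store `state->sustain_reset = sustain_reset;` narrows the 64-bit local back into the struct field, and nothing in hdcd_reset checks that the value fits. The field's declaration is outside this hunk, but the `%u` used to print it in the init() hunk suggests it is a 32-bit unsigned, so an out-of-range result would be truncated silently however wide the intermediate is. If that is the field's type, a bounded store such as `state->sustain_reset = (unsigned)FFMIN(sustain_reset, UINT_MAX);` makes the limit explicit. Otherwise a comment beside the store, `/* cdt_ms is capped by the option range, so the result fits the field */`, would record what keeps it in range; that cap is presumably set in the option table, which is not shown here. hdcd_reset's body continues past the end of the hunk.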
@@ -1788,8 +1787,8 @@  static av_cold int init(AVFilterContext *ctx)
         hdcd_reset(&s->state[c], 44100, s->cdt_ms);
     }
 
-    av_log(ctx, AV_LOG_VERBOSE, "CDT period: %dms (%d samples @44100Hz)\n",
-        s->cdt_ms, s->cdt_ms*44100/1000 );
+    av_log(ctx, AV_LOG_VERBOSE, "CDT period: %dms (%u samples @44100Hz)\n",
+        s->cdt_ms, s->state[0].sustain_reset );
     av_log(ctx, AV_LOG_VERBOSE, "Process mode: %s\n",
         (s->process_stereo) ? "process stereo channels together" : "process each channel separately");
     av_log(ctx, AV_LOG_VERBOSE, "Force PE: %s\n",