diff mbox

[FFmpeg-devel] Avoid undefined behavior when start_time_text is -1<<63

Message ID CAEVbG5qC-pDRdEcFDpy5H9CFixrLRMgGygvyxXSKcfRnaZH=1A@mail.gmail.com
State Superseded
Headers show

Commit Message

Fredrik Hubinette July 17, 2018, 9:37 p.m. UTC

Comments

Michael Niedermayer July 18, 2018, 10:55 a.m. UTC | #1 
On Tue, Jul 17, 2018 at 02:37:55PM -0700, Fredrik Hubinette wrote:
> 

>  utils.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> e69f1a3a447e331cad7ea85e28c0ed13e48ce33c  0001-Avoid-undefined-behavior-when-start_time_text-is-1-6.patch
> From d7bd55c3d280c10b990577003a985296f10a2b59 Mon Sep 17 00:00:00 2001
> From: Fredrik Hubinette <hubbe@google.com>
> Date: Tue, 17 Jul 2018 14:35:55 -0700
> Subject: [PATCH] Avoid undefined behavior when start_time_text is -1<<63
> 
> ---
>  libavformat/utils.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index c9cdd2b470..5b83ed7872 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -2666,7 +2666,7 @@ static void update_stream_timings(AVFormatContext *ic)
>                  duration = FFMAX(duration, duration1);
>          }
>      }
> -    if (start_time == INT64_MAX || (start_time > start_time_text && start_time - start_time_text < AV_TIME_BASE))
> +    if (start_time == INT64_MAX || (start_time > start_time_text && start_time - AV_TIME_BASE < start_time_text ))

Casting to uint64_t should be a more complete fix.

[...]
Fredrik Hubinette July 30, 2018, 8:49 p.m. UTC | #2 
Is casting a negative integer to unsigned defined behavior?


On Wed, Jul 18, 2018 at 3:55 AM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> On Tue, Jul 17, 2018 at 02:37:55PM -0700, Fredrik Hubinette wrote:
> >
>
> >  utils.c |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > e69f1a3a447e331cad7ea85e28c0ed13e48ce33c
> 0001-Avoid-undefined-behavior-when-start_time_text-is-1-6.patch
> > From d7bd55c3d280c10b990577003a985296f10a2b59 Mon Sep 17 00:00:00 2001
> > From: Fredrik Hubinette <hubbe@google.com>
> > Date: Tue, 17 Jul 2018 14:35:55 -0700
> > Subject: [PATCH] Avoid undefined behavior when start_time_text is -1<<63
> >
> > ---
> >  libavformat/utils.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/utils.c b/libavformat/utils.c
> > index c9cdd2b470..5b83ed7872 100644
> > --- a/libavformat/utils.c
> > +++ b/libavformat/utils.c
> > @@ -2666,7 +2666,7 @@ static void update_stream_timings(AVFormatContext
> *ic)
> >                  duration = FFMAX(duration, duration1);
> >          }
> >      }
> > -    if (start_time == INT64_MAX || (start_time > start_time_text &&
> start_time - start_time_text < AV_TIME_BASE))
> > +    if (start_time == INT64_MAX || (start_time > start_time_text &&
> start_time - AV_TIME_BASE < start_time_text ))
>
> Casting to uint64_t should be a more complete fix.
>
> [...]
>
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Awnsering whenever a program halts or runs forever is
> On a turing machine, in general impossible (turings halting problem).
> On any real computer, always possible as a real computer has a finite
> number
> of states N, and will either halt in less than N cycles or never halt.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
Michael Niedermayer July 30, 2018, 11:53 p.m. UTC | #3 
On Mon, Jul 30, 2018 at 01:49:24PM -0700, Fredrik Hubinette wrote:
> Is casting a negative integer to unsigned defined behavior?

yes

6.3.1.3 Signed and unsigned integers

2 Otherwise, if the new type is unsigned, the value is converted by repeatedly adding or
  subtracting one more than the maximum value that can be represented in the new type
  until the value is in the range of the new type.49)

[...]
diff mbox

Patch

From d7bd55c3d280c10b990577003a985296f10a2b59 Mon Sep 17 00:00:00 2001
From: Fredrik Hubinette <hubbe@google.com>
Date: Tue, 17 Jul 2018 14:35:55 -0700
Subject: [PATCH] Avoid undefined behavior when start_time_text is -1<<63

---
 libavformat/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index c9cdd2b470..5b83ed7872 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -2666,7 +2666,7 @@  static void update_stream_timings(AVFormatContext *ic)
                 duration = FFMAX(duration, duration1);
         }
     }
-    if (start_time == INT64_MAX || (start_time > start_time_text && start_time - start_time_text < AV_TIME_BASE))
+    if (start_time == INT64_MAX || (start_time > start_time_text && start_time - AV_TIME_BASE < start_time_text ))
         start_time = start_time_text;
     else if (start_time > start_time_text)
         av_log(ic, AV_LOG_VERBOSE, "Ignoring outlier non primary stream starttime %f\n", start_time_text / (float)AV_TIME_BASE);
-- 
2.18.0.203.gfac676dfb9-goog