From patchwork Fri Aug 18 06:14:47 2017
X-Patchwork-Submitter: Vitaly Buka
X-Patchwork-Id: 4739
From: Vitaly Buka
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 17 Aug 2017 23:14:47 -0700
Message-Id: <20170818061447.27158-1-vitalybuka@google.com>
Subject: [FFmpeg-devel] [PATCH] Fix signed integer overflows
Cc: Vitaly Buka

Signed integer overflow is undefined behavior.
Detected with clang and -fsanitize=signed-integer-overflow

Signed-off-by: Vitaly Buka
---
 libavcodec/utils.c    | 2 +-
 libavformat/aviobuf.c | 4 +++-
 libavformat/mov.c     | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 1336e921c9..024dc1f3e2 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -971,7 +971,7 @@ FF_ENABLE_DEPRECATION_WARNINGS } if (!avctx->rc_initial_buffer_occupancy) - avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3 / 4; + avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3ll / 4; if (avctx->ticks_per_frame && avctx->time_base.num && avctx->ticks_per_frame > INT_MAX / avctx->time_base.num) { diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 7f4e740a33..319a402faf 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -259,7 +259,9 @@ int64_t avio_seek(AVIOContext *s, int64_t offset, int whence) offset1 = pos + (s->buf_ptr - s->buffer); if (offset == 0) return offset1; - offset += offset1; + // Use unsigned type to avoid undefined behavior of singed overflow. + // Code below will report error on overflow anyway. + offset += (uint64_t)offset1; } if (offset < 0) return AVERROR(EINVAL); diff --git a/libavformat/mov.c b/libavformat/mov.c index 522ce60c2d..a14c9f182b 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5572,7 +5572,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (atom.size < 0) atom.size = INT64_MAX; - while (total_size + 8 <= atom.size && !avio_feof(pb)) { + while (total_size <= atom.size - 8 && !avio_feof(pb)) { int (*parse)(MOVContext*, AVIOContext*, MOVAtom) = NULL; a.size = atom.size; a.type=0;
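
Review bot: In the libavcodec/utils.c hunk, the 3ll suffix on the rc_initial_buffer_occupancy line is easy to misread as the number 311; 3LL, or a cast such as (int64_t)avctx->rc_buffer_size * 3 / 4, widens the multiplication just as well and reads unambiguously. The quotient is never larger in magnitude than rc_buffer_size, so storing it back is safe as long as rc_initial_buffer_occupancy is at least as wide as rc_buffer_size, which these lines do not show.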
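
Review bot: In the libavformat/aviobuf.c hunk of avio_seek, the new comment's claim that the code below reports overflow holds only when offset and offset1 are both non-negative: a wrapped sum then comes out negative and hits the existing offset < 0 check, but a wrap in the other direction would produce a positive value that passes it. Converting the out-of-range unsigned result back to int64_t is also implementation-defined rather than guaranteed to wrap. An explicit guard before the addition states the intent directly, for example, when offset1 is known to be non-negative, if (offset > INT64_MAX - offset1) return AVERROR(EINVAL); and then the plain offset += offset1 can stay. The added comment also has a typo: singed should be signed.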
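
Review bot: In the libavformat/mov.c hunk of mov_read_default, the rewritten loop condition total_size <= atom.size - 8 is overflow-free only because of the clamp just above it (if (atom.size < 0) atom.size = INT64_MAX;), which keeps atom.size - 8 from going below -8. A short comment on the while line recording that dependence would stop a later reorder or removal of the clamp from reintroducing the undefined behavior on the subtraction side.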