| Message ID | 20180309013754.24682-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 06e092e7819b9437da32925200e7c369f93d82e7 |
| Headers | show |
On 2018-03-09 02:37, Michael Niedermayer wrote: > Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long' > Fixes: Chromium bug 791237 > > Reported-by: Matt Wolenetz <wolenetz@google.com> > Reviewed-by: Matt Wolenetz <wolenetz@google.com> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/avidec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/avidec.c b/libavformat/avidec.c > index 3ff515d492..bafe1dc8da 100644 > --- a/libavformat/avidec.c > +++ b/libavformat/avidec.c > @@ -670,7 +670,7 @@ FF_ENABLE_DEPRECATION_WARNINGS > st->start_time = 0; > avio_rl32(pb); /* buffer size */ > avio_rl32(pb); /* quality */ > - if (ast->cum_len*ast->scale/ast->rate > 3600) { > + if (ast->cum_len > 3600LL * ast->rate / ast->scale) { > av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n"); > ast->cum_len = 0; > } Isn't there an AVRational compare function for stuff like this? /Tomas
On Fri, Mar 09, 2018 at 11:03:33AM +0100, Tomas Härdin wrote: > On 2018-03-09 02:37, Michael Niedermayer wrote: > >Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long' > >Fixes: Chromium bug 791237 > > > >Reported-by: Matt Wolenetz <wolenetz@google.com> > >Reviewed-by: Matt Wolenetz <wolenetz@google.com> > >Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > >--- > > libavformat/avidec.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > >diff --git a/libavformat/avidec.c b/libavformat/avidec.c > >index 3ff515d492..bafe1dc8da 100644 > >--- a/libavformat/avidec.c > >+++ b/libavformat/avidec.c > >@@ -670,7 +670,7 @@ FF_ENABLE_DEPRECATION_WARNINGS > > st->start_time = 0; > > avio_rl32(pb); /* buffer size */ > > avio_rl32(pb); /* quality */ > >- if (ast->cum_len*ast->scale/ast->rate > 3600) { > >+ if (ast->cum_len > 3600LL * ast->rate / ast->scale) { > > av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n"); > > ast->cum_len = 0; > > } > > Isn't there an AVRational compare function for stuff like this? AVRational is signed 32/32 bit, cum_len is 64 bit initialized by 32bit unsigned. teh others are 32bit unsigned. So this likely would not fit very well in AVRational based functions [...]
On Fri, Mar 09, 2018 at 02:37:52AM +0100, Michael Niedermayer wrote: > Fixes: signed integer overflow: 3775922176 * 4278190080 cannot be represented in type 'long' > Fixes: Chromium bug 791237 > > Reported-by: Matt Wolenetz <wolenetz@google.com> > Reviewed-by: Matt Wolenetz <wolenetz@google.com> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/avidec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 3ff515d492..bafe1dc8da 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -670,7 +670,7 @@ FF_ENABLE_DEPRECATION_WARNINGS st->start_time = 0; avio_rl32(pb); /* buffer size */ avio_rl32(pb); /* quality */ - if (ast->cum_len*ast->scale/ast->rate > 3600) { + if (ast->cum_len > 3600LL * ast->rate / ast->scale) { av_log(s, AV_LOG_ERROR, "crazy start time, iam scared, giving up\n"); ast->cum_len = 0; }