diff mbox

[FFmpeg-devel] avcodec/dirac_parser: Fix overflow in dts

Message ID 20190803111529.30759-1-michael@niedermayer.cc
State Accepted
Commit 549fcba8fc83330763ccd3cc67233037c96bc6d9
Headers show

Commit Message

Michael Niedermayer Aug. 3, 2019, 11:15 a.m. UTC 
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dirac_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paul B Mahol Aug. 5, 2019, 2:57 p.m. UTC | #1 
lgtm

On Sat, Aug 3, 2019 at 1:17 PM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in
> type 'int'
> Fixes:
> 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/dirac_parser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
> index 1ade44a438..fbc7414c79 100644
> --- a/libavcodec/dirac_parser.c
> +++ b/libavcodec/dirac_parser.c
> @@ -212,7 +212,7 @@ static int dirac_combine_frame(AVCodecParserContext
> *s, AVCodecContext *avctx,
>          if (parse_timing_info && pu1.prev_pu_offset >= 13) {
>              uint8_t *cur_pu = pc->buffer +
>                                pc->index - 13 - pu1.prev_pu_offset;
> -            int pts = AV_RB32(cur_pu + 13);
> +            int64_t pts = AV_RB32(cur_pu + 13);
>              if (s->last_pts == 0 && s->last_dts == 0)
>                  s->dts = pts - 1;
>              else
> --
> 2.22.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Michael Niedermayer Aug. 5, 2019, 3:01 p.m. UTC | #2 
On Mon, Aug 05, 2019 at 04:57:49PM +0200, Paul B Mahol wrote:
> lgtm

will apply

thx

[...]
diff mbox

Patch

diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
index 1ade44a438..fbc7414c79 100644
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@@ -212,7 +212,7 @@  static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx,
         if (parse_timing_info && pu1.prev_pu_offset >= 13) {
             uint8_t *cur_pu = pc->buffer +
                               pc->index - 13 - pu1.prev_pu_offset;
-            int pts = AV_RB32(cur_pu + 13);
+            int64_t pts = AV_RB32(cur_pu + 13);
             if (s->last_pts == 0 && s->last_dts == 0)
                 s->dts = pts - 1;
             else