Message ID | 20220208145318.26969-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | bf33a384995ac21aa41422c6246ebdc5d9632452 |
Headers | show |
Series | [FFmpeg-devel,1/2] avformat/hls: Use unsigned for iv computation | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
andriy/make_ppc | success | Make finished |
andriy/make_fate_ppc | success | Make fate finished |
Michael Niedermayer <michael@niedermayer.cc> 于2022年2月8日周二 22:59写道: > > Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long' > Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/hls.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/hls.c b/libavformat/hls.c > index 4568e72cb2..8541fa9420 100644 > --- a/libavformat/hls.c > +++ b/libavformat/hls.c > @@ -914,7 +914,7 @@ static int parse_playlist(HLSContext *c, const char *url, > if (has_iv) { > memcpy(seg->iv, iv, sizeof(iv)); > } else { > - int64_t seq = pls->start_seq_no + pls->n_segments; > + uint64_t seq = pls->start_seq_no + (uint64_t)pls->n_segments; > memset(seg->iv, 0, sizeof(seg->iv)); > AV_WB64(seg->iv + 8, seq); > } > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". LGTM not sure int limit number is ok for n_segments, but i have no better idea for that. uint64_t here is ok. Thanks
On Wed, Feb 09, 2022 at 01:55:31PM +0800, Steven Liu wrote: > Michael Niedermayer <michael@niedermayer.cc> 于2022年2月8日周二 22:59写道: > > > > Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long' > > Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/hls.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavformat/hls.c b/libavformat/hls.c > > index 4568e72cb2..8541fa9420 100644 > > --- a/libavformat/hls.c > > +++ b/libavformat/hls.c > > @@ -914,7 +914,7 @@ static int parse_playlist(HLSContext *c, const char *url, > > if (has_iv) { > > memcpy(seg->iv, iv, sizeof(iv)); > > } else { > > - int64_t seq = pls->start_seq_no + pls->n_segments; > > + uint64_t seq = pls->start_seq_no + (uint64_t)pls->n_segments; > > memset(seg->iv, 0, sizeof(seg->iv)); > > AV_WB64(seg->iv + 8, seq); > > } > > -- > > 2.17.1 > > > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > To unsubscribe, visit link above, or email > > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > > LGTM > not sure int limit number is ok for n_segments, but i have no better > idea for that. > uint64_t here is ok. will apply thx [...]
diff --git a/libavformat/hls.c b/libavformat/hls.c index 4568e72cb2..8541fa9420 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -914,7 +914,7 @@ static int parse_playlist(HLSContext *c, const char *url, if (has_iv) { memcpy(seg->iv, iv, sizeof(iv)); } else { - int64_t seq = pls->start_seq_no + pls->n_segments; + uint64_t seq = pls->start_seq_no + (uint64_t)pls->n_segments; memset(seg->iv, 0, sizeof(seg->iv)); AV_WB64(seg->iv + 8, seq); }
Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long' Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/hls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)