diff mbox series

[FFmpeg-devel,1/2] avformat/hls: Use unsigned for iv computation

Message ID 20220208145318.26969-1-michael@niedermayer.cc
State Accepted
Commit bf33a384995ac21aa41422c6246ebdc5d9632452
Headers show
Series [FFmpeg-devel,1/2] avformat/hls: Use unsigned for iv computation | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Michael Niedermayer Feb. 8, 2022, 2:53 p.m. UTC 
Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long'
Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/hls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Steven Liu Feb. 9, 2022, 5:55 a.m. UTC | #1 
Michael Niedermayer <michael@niedermayer.cc> 于2022年2月8日周二 22:59写道:
>
> Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long'
> Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/hls.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/hls.c b/libavformat/hls.c
> index 4568e72cb2..8541fa9420 100644
> --- a/libavformat/hls.c
> +++ b/libavformat/hls.c
> @@ -914,7 +914,7 @@ static int parse_playlist(HLSContext *c, const char *url,
>                  if (has_iv) {
>                      memcpy(seg->iv, iv, sizeof(iv));
>                  } else {
> -                    int64_t seq = pls->start_seq_no + pls->n_segments;
> +                    uint64_t seq = pls->start_seq_no + (uint64_t)pls->n_segments;
>                      memset(seg->iv, 0, sizeof(seg->iv));
>                      AV_WB64(seg->iv + 8, seq);
>                  }
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

LGTM
not sure int limit number is ok for n_segments, but i have no better
idea for that.
uint64_t here is ok.

Thanks
Michael Niedermayer Feb. 9, 2022, 9:36 a.m. UTC | #2 
On Wed, Feb 09, 2022 at 01:55:31PM +0800, Steven Liu wrote:
> Michael Niedermayer <michael@niedermayer.cc> 于2022年2月8日周二 22:59写道:
> >
> > Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long'
> > Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/hls.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/hls.c b/libavformat/hls.c
> > index 4568e72cb2..8541fa9420 100644
> > --- a/libavformat/hls.c
> > +++ b/libavformat/hls.c
> > @@ -914,7 +914,7 @@ static int parse_playlist(HLSContext *c, const char *url,
> >                  if (has_iv) {
> >                      memcpy(seg->iv, iv, sizeof(iv));
> >                  } else {
> > -                    int64_t seq = pls->start_seq_no + pls->n_segments;
> > +                    uint64_t seq = pls->start_seq_no + (uint64_t)pls->n_segments;
> >                      memset(seg->iv, 0, sizeof(seg->iv));
> >                      AV_WB64(seg->iv + 8, seq);
> >                  }
> > --
> > 2.17.1
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
> 
> LGTM
> not sure int limit number is ok for n_segments, but i have no better
> idea for that.
> uint64_t here is ok.

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavformat/hls.c b/libavformat/hls.c
index 4568e72cb2..8541fa9420 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -914,7 +914,7 @@  static int parse_playlist(HLSContext *c, const char *url,
                 if (has_iv) {
                     memcpy(seg->iv, iv, sizeof(iv));
                 } else {
-                    int64_t seq = pls->start_seq_no + pls->n_segments;
+                    uint64_t seq = pls->start_seq_no + (uint64_t)pls->n_segments;
                     memset(seg->iv, 0, sizeof(seg->iv));
                     AV_WB64(seg->iv + 8, seq);
                 }