This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit eb5d60786121249f35499c160f9937a1c7fd9c55 Author: Michael Niedermayer <[email protected]> AuthorDate: Thu Aug 14 02:12:26 2025 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Fri Mar 13 22:48:32 2026 +0100 avutil/timecode: Check for integer overflow in av_timecode_init_from_components() Fixes: integer overflow Fixes: testcase that calls av_timecode_init_from_components() with hh set explicitly to INT_MAX Found-by: Youngjae Choi, Mingyoung Ban, Seunghoon Woo Signed-off-by: Michael Niedermayer <[email protected]> --- libavutil/timecode.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libavutil/timecode.c b/libavutil/timecode.c index b5352a3961..316100759e 100644 --- a/libavutil/timecode.c +++ b/libavutil/timecode.c @@ -211,6 +211,7 @@ int av_timecode_init(AVTimecode *tc, AVRational rate, int flags, int frame_start int av_timecode_init_from_components(AVTimecode *tc, AVRational rate, int flags, int hh, int mm, int ss, int ff, void *log_ctx) { int ret; + int64_t s; memset(tc, 0, sizeof(*tc)); tc->flags = flags; @@ -221,7 +222,15 @@ int av_timecode_init_from_components(AVTimecode *tc, AVRational rate, int flags, if (ret < 0) return ret; - tc->start = (hh*3600 + mm*60 + ss) * tc->fps + ff; + s = hh*3600LL + mm*60LL + ss; + if (s != (int32_t)s) + return AVERROR(EINVAL); + + s = s * tc->fps + ff; + if (s != (int32_t)s) + return AVERROR(EINVAL); + tc->start = s; + if (tc->flags & AV_TIMECODE_FLAG_DROPFRAME) { /* adjust frame number */ int tmins = 60*hh + mm; tc->start -= (tc->fps / 30 * 2) * (tmins - tmins/10); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
