This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch master
in repository ffmpeg.

The following commit(s) were added to refs/heads/master by this push:
     new c82196b299 avformat/hlsenc: reject out-of-range EXT-X-PROGRAM-DATE-TIME
c82196b299 is described below

commit c82196b29901dd204e3f17f25ce8c147ce8f3dad
Author:     Michael Niedermayer <[email protected]>
AuthorDate: Sat Jun 6 21:02:12 2026 +0200
Commit:     michaelni <[email protected]>
CommitDate: Fri Jun 12 01:57:06 2026 +0000

    avformat/hlsenc: reject out-of-range EXT-X-PROGRAM-DATE-TIME
    
    Parse the timestamp with av_small_strptime() instead of sscanf(): it
    range-checks each field (year 0-9999, month, day, hour, minute, second)
    and limits the number of digits consumed, so an oversized field can no
    longer overflow during parsing. The mktime() result is additionally
    checked for EOVERFLOW.
    
    Fixes: integer overflow
    
    Found-by: Kery (Qi Kery <[email protected]>)
    Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavformat/hlsenc.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 6fd99e811b..2a4f65a35a 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -36,6 +36,7 @@
 #include "libavutil/intreadwrite.h"
 #include "libavutil/mem.h"
 #include "libavutil/opt.h"
+#include "libavutil/parseutils.h"
 #include "libavutil/log.h"
 #include "libavutil/random_seed.h"
 #include "libavutil/time.h"
@@ -1222,23 +1223,26 @@ static int parse_playlist(AVFormatContext *s, const 
char *url, VariantStream *vs
                 }
             }
         } else if (av_strstart(line, "#EXT-X-PROGRAM-DATE-TIME:", &ptr)) {
-            struct tm program_date_time;
-            int y,M,d,h,m,sec;
-            double ms;
-            if (sscanf(ptr, "%d-%d-%dT%d:%d:%d.%lf", &y, &M, &d, &h, &m, &sec, 
&ms) != 7) {
+            struct tm program_date_time = { 0 };
+            double ms = 0;
+            char *q = av_small_strptime(ptr, "%Y-%m-%dT%H:%M:%S", 
&program_date_time);
+
+            if (!q) {
                 ret = AVERROR_INVALIDDATA;
                 goto fail;
             }
-
-            program_date_time.tm_year = y - 1900;
-            program_date_time.tm_mon = M - 1;
-            program_date_time.tm_mday = d;
-            program_date_time.tm_hour = h;
-            program_date_time.tm_min = m;
-            program_date_time.tm_sec = sec;
+            if (*q == '.')
+                ms = atof(q + 1);
             program_date_time.tm_isdst = -1;
 
-            discont_program_date_time = mktime(&program_date_time);
+            errno = 0;
+            time_t t = mktime(&program_date_time);
+            if (t == (time_t)-1 && errno == EOVERFLOW) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
+            discont_program_date_time = t;
+
             discont_program_date_time += (double)(ms / 1000);
         } else if (av_strstart(line, "#", NULL)) {
             continue;
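Review bot: The fractional-seconds field is still parsed without any bound: `ms = atof(q + 1)` accepts exponents, `inf` and `nan` as well as arbitrarily long digit runs, so a `#EXT-X-PROGRAM-DATE-TIME:` line can still put a huge or non-finite value into `discont_program_date_time` even though the date and time fields are now range-checked. A guard directly after the atof() call would close that, e.g. `if (!isfinite(ms) || ms < 0 || ms >= 1000) { ret = AVERROR_INVALIDDATA; goto fail; }`; this needs `<math.h>` if the file does not already include it, and the upper bound assumes the three-digit millisecond form, which should be confirmed against what the muxer writes. Separately, the `errno == EOVERFLOW` test relies on the C library setting errno when mktime() fails, which is not guaranteed on every platform, so a short comment stating that a bare -1 is deliberately accepted as a valid time would help the next reader. parse_playlist() begins and ends outside this hunk.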
