Module: libav Branch: master Commit: 7709ce029a7bc101b9ac1ceee607cda10dcb89dc
Author: Janne Grunau <[email protected]> Committer: Janne Grunau <[email protected]> Date: Fri Nov 23 14:05:36 2012 +0100 lavf: avoid integer overflow in ff_compute_frame_duration() Scaling the denominator instead of the numerator if it is too large loses precision. Fixes an assert caused by a negative frame duration in the fuzzed sample nasa-8s2.ts_s202310. CC: [email protected] --- libavformat/utils.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index ca52469..fc8b770 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -725,7 +725,10 @@ void ff_compute_frame_duration(int *pnum, int *pden, AVStream *st, *pnum = st->codec->time_base.num; *pden = st->codec->time_base.den; if (pc && pc->repeat_pict) { - *pnum = (*pnum) * (1 + pc->repeat_pict); + if (*pnum > INT_MAX / (1 + pc->repeat_pict)) + *pden /= 1 + pc->repeat_pict; + else + *pnum *= 1 + pc->repeat_pict; } //If this codec can be interlaced or progressive then we need a parser to compute duration of a packet //Thus if we have no parser in such case leave duration undefined. _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
