Module: libav Branch: release/0.8 Commit: f7492d301f5ba251c911da7d714a23e82707c72e
Author: Michael Niedermayer <[email protected]> Committer: Diego Biurrun <[email protected]> Date: Tue Jan 12 18:49:20 2016 +0100 asfenc: Check pts Fixes integer overflow Fixes: 0063df8be3aaa30dd6d76f59c8f818c8/signal_sigsegv_7b7b59_3634_bf418b6822bbfa68734411d96b667be3.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7c0b84d89911b2035161f5ef51aafbfcc84aa9e2) Signed-off-by: Diego Biurrun <[email protected]>
---
 libavformat/asfenc.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c
index 1cfc857..d1ab2b7 100644
--- a/libavformat/asfenc.c
+++ b/libavformat/asfenc.c
@@ -800,6 +800,11 @@ static int asf_write_packet(AVFormatContext *s, AVPacket *pkt)
 pts = (pkt->pts != AV_NOPTS_VALUE) ? pkt->pts : pkt->dts;
 assert(pts != AV_NOPTS_VALUE);
+ if ( pts < - PREROLL_TIME
+ || pts > (INT_MAX-3)/10000LL * ASF_INDEXED_INTERVAL - PREROLL_TIME) {
+ av_log(s, AV_LOG_ERROR, "input pts %"PRId64" is invalid\n", pts);
+ return AVERROR(EINVAL);
+ }
 duration = pts * 10000;
 asf->duration= FFMAX(asf->duration, duration + pkt->duration * 10000);
_______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
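Review bot: The new guard bounds only `pts`, but the last line of the hunk still computes `pkt->duration * 10000` with no range check, so the overflow class this commit targets can remain on that operand. If `pkt->duration` is narrower than 64 bits (its type is not visible here), the product is evaluated in that narrower type; writing it as `duration + pkt->duration * 10000LL` should keep the sum within 64 bits given the new pts bound, while a 64-bit `pkt->duration` would instead need its own bound next to the pts check. The upper limit `(INT_MAX-3)/10000LL * ASF_INDEXED_INTERVAL - PREROLL_TIME` also deserves a one-line comment naming the later int-sized computation it protects, since that code is not in this hunk. asf_write_packet starts before and continues past the hunk.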
