On 18/01/16 15:05, Arttu Ylä-Outinen wrote:
> On 2016-01-18 15:22, Luca Barbato wrote:
>> On 18/01/16 08:23, Arttu Ylä-Outinen wrote:
>>> I sent this to FFmpeg as well and they noticed that the multiplication
>>> might overflow. I'll send an updated patch soon.
>>
>> Ticks per frame is 1 or 2, any other value is highly unlikely if I
>> understand what's the problem at hand.
> 
> Here's the updated version anyway (attached).
> 

I prefer the former, if somebody feels strongly about validating a
user-caused overflow:

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 29ba85f..e06ee66 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -1049,6 +1049,16 @@ FF_ENABLE_DEPRECATION_WARNINGS

         if (!avctx->rc_initial_buffer_occupancy)
             avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size
* 3 / 4;
+
+        if (avctx->ticks_per_frame &&
+            avctx->ticks_per_frame > INT_MAX / avctx->time_base.num) {
+            av_log(avctx, AV_LOG_ERROR,
+                   "ticks_per_frame %d too large for the timebase %d/%d.",
+                   avctx->ticks_per_frame,
+                   avctx->time_base.num,
+                   avctx->time_base.den);
+            goto free_and_end;
+        }
     }

     if (avctx->codec->init && !(avctx->active_thread_type &
FF_THREAD_FRAME)) {
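
Review bot: the added condition divides by avctx->time_base.num (`INT_MAX / avctx->time_base.num`) and nothing in these lines guarantees that value is positive. A zero numerator is a division by zero, and a negative one turns the bound negative so the comparison no longer expresses the overflow limit. Unless the timebase is validated earlier in the function, check `avctx->time_base.num > 0` before dividing. A negative ticks_per_frame also passes this test unchecked. On the error path, `goto free_and_end` is taken without any return code being assigned in the visible lines, so confirm the function's return value holds an error such as AVERROR(EINVAL) at that point. The av_log format string should also end with "\n".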

_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
