subject:"Re\: \[FFmpeg\-devel\] \[PATCH 2\/2\] avformat\/mov\: Fix integer overflow in mov_get_stsc

Re: [FFmpeg-devel] [PATCH 2/2] avformat/mov: Fix integer overflow in mov_get_stsc_samples()

2018-03-07 Thread Michael Niedermayer

On Wed, Mar 07, 2018 at 10:14:09AM -0800, Matt Wolenetz wrote:
> Friendly ping. I'd like to not have to land this in Chromium before
> upstream ffmpeg, but I may need to soon.

will apply

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle


signature.asc
Description: PGP signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 2/2] avformat/mov: Fix integer overflow in mov_get_stsc_samples()

2018-03-07 Thread Matt Wolenetz

Friendly ping. I'd like to not have to land this in Chromium before
upstream ffmpeg, but I may need to soon.

On Tue, Mar 6, 2018 at 6:43 AM, Michael Niedermayer 
wrote:

> Fixes: runtime error: signed integer overflow: 5 * -2147483647 cannot be
> represented in type 'int'
> Fixes: Chromium bug 817338
> Reviewed-by: Matt Wolenetz 
> Reported-by: Matt Wolenetz 
> Signed-off-by: Michael Niedermayer 
> ---
>  libavformat/mov.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 95b9cd3f8b..7002a82787 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -2645,7 +2645,7 @@ static inline int mov_stsc_index_valid(unsigned int
> index, unsigned int count)
>  }
>
>  /* Compute the samples value for the stsc entry at the given index. */
> -static inline int mov_get_stsc_samples(MOVStreamContext *sc, unsigned
> int index)
> +static inline int64_t mov_get_stsc_samples(MOVStreamContext *sc,
> unsigned int index)
>  {
>  int chunk_count;
>
> @@ -2654,7 +2654,7 @@ static inline int mov_get_stsc_samples(MOVStreamContext
> *sc, unsigned int index)
>  else
>  chunk_count = sc->chunk_count - (sc->stsc_data[index].first - 1);
>
> -return sc->stsc_data[index].count * chunk_count;
> +return sc->stsc_data[index].count * (int64_t)chunk_count;
>  }
>
>  static int mov_read_stps(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> @@ -7189,12 +7189,13 @@ static int mov_seek_stream(AVFormatContext *s,
> AVStream *st, int64_t timestamp,
>  /* adjust stsd index */
>  time_sample = 0;
>  for (i = 0; i < sc->stsc_count; i++) {
> -int next = time_sample + mov_get_stsc_samples(sc, i);
> +int64_t next = time_sample + mov_get_stsc_samples(sc, i);
>  if (next > sc->current_sample) {
>  sc->stsc_index = i;
>  sc->stsc_sample = sc->current_sample - time_sample;
>  break;
>  }
> +av_assert0(next == (int)next);
>  time_sample = next;
>  }
>
> --
> 2.16.2
>
> ___
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 2/2] avformat/mov: Fix integer overflow in mov_get_stsc_samples()

2018-03-07 Thread Matthew Wolenetz

Friendly ping. I'd like to not have to land this in Chromium before upstream
 ffmpeg, but I may need to soon.

On Tue, Mar 6, 2018 at 6:43 AM, Michael Niedermayer 
wrote:

> Fixes: runtime error: signed integer overflow: 5 * -2147483647 cannot be
> represented in type 'int'
> Fixes: Chromium bug 817338
> Reviewed-by: Matt Wolenetz 
> Reported-by: Matt Wolenetz 
> Signed-off-by: Michael Niedermayer 
> ---
>  libavformat/mov.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 95b9cd3f8b..7002a82787 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -2645,7 +2645,7 @@ static inline int mov_stsc_index_valid(unsigned int
> index, unsigned int count)
>  }
>
>  /* Compute the samples value for the stsc entry at the given index. */
> -static inline int mov_get_stsc_samples(MOVStreamContext *sc, unsigned
> int index)
> +static inline int64_t mov_get_stsc_samples(MOVStreamContext *sc,
> unsigned int index)
>  {
>  int chunk_count;
>
> @@ -2654,7 +2654,7 @@ static inline int mov_get_stsc_samples(MOVStreamContext
> *sc, unsigned int index)
>  else
>  chunk_count = sc->chunk_count - (sc->stsc_data[index].first - 1);
>
> -return sc->stsc_data[index].count * chunk_count;
> +return sc->stsc_data[index].count * (int64_t)chunk_count;
>  }
>
>  static int mov_read_stps(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> @@ -7189,12 +7189,13 @@ static int mov_seek_stream(AVFormatContext *s,
> AVStream *st, int64_t timestamp,
>  /* adjust stsd index */
>  time_sample = 0;
>  for (i = 0; i < sc->stsc_count; i++) {
> -int next = time_sample + mov_get_stsc_samples(sc, i);
> +int64_t next = time_sample + mov_get_stsc_samples(sc, i);
>  if (next > sc->current_sample) {
>  sc->stsc_index = i;
>  sc->stsc_sample = sc->current_sample - time_sample;
>  break;
>  }
> +av_assert0(next == (int)next);
>  time_sample = next;
>  }
>
> --
> 2.16.2
>
> ___
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 2/2] avformat/mov: Fix integer overflow in mov_get_stsc_samples()

Re: [FFmpeg-devel] [PATCH 2/2] avformat/mov: Fix integer overflow in mov_get_stsc_samples()

Re: [FFmpeg-devel] [PATCH 2/2] avformat/mov: Fix integer overflow in mov_get_stsc_samples()

3 matches

Site Navigation

Mail list logo

Footer information