This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new 7e1cec8e0a avformat/dashdec: fix unsigned integer overflow in segment
number calculation
7e1cec8e0a is described below
commit 7e1cec8e0a61e529c4d440be28700a3fd8f2ba9a
Author: Steven Liu <[email protected]>
AuthorDate: Mon Jun 15 09:24:51 2026 +0800
Commit: stevenliu <[email protected]>
CommitDate: Mon Jun 15 02:22:05 2026 +0000
avformat/dashdec: fix unsigned integer overflow in segment number
calculation

fix issue: issues/23238

Several time-related fields in DASHContext were declared as uint64_t,
causing the arithmetic in calc_cur_seg_no(), calc_min_seg_no(), and
calc_max_seg_no() to be performed with unsigned semantics.

The expression:

    (get_current_time_in_sec() - availability_start_time) * fragment_timescale

is uint64_t throughout. When presentationTimeOffset is large (e.g. an
absolute epoch-based timestamp common in DVB-DASH live streams), the
subsequent subtraction:

    uint64_t_result - presentation_timeoffset

wraps around to a value near 2^64, because the elapsed wall-clock time
in timescale ticks is far smaller than the absolute presentation time
offset. The enormous quotient ends up truncated to int32_t when passed
to ff_dash_fill_tmpl_params(), producing a negative $Number$ value in
the segment URL and causing repeated HTTP 403 errors.

Fix this by changing the affected fields and the two helper functions
(get_current_time_in_sec, get_utc_date_time_insec) from uint64_t to
int64_t. All values involved are well within the int64_t range (Unix
timestamps in seconds and ISO 8601 durations), and the arithmetic
naturally needs signed semantics because intermediate sub-expressions
like (elapsed - time_shift_buffer_depth) can be negative at stream
start.

Signed-off-by: Steven Liu <[email protected]>
---
libavformat/dashdec.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
index 4cfc871ad4..0ffab1e889 100644
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@@ -137,14 +137,14 @@ typedef struct DASHContext {
struct representation **subtitles;
/* MediaPresentationDescription Attribute */
- uint64_t media_presentation_duration;
- uint64_t suggested_presentation_delay;
- uint64_t availability_start_time;
- uint64_t availability_end_time;
- uint64_t publish_time;
- uint64_t minimum_update_period;
- uint64_t time_shift_buffer_depth;
- uint64_t min_buffer_time;
+ int64_t media_presentation_duration;
+ int64_t suggested_presentation_delay;
+ int64_t availability_start_time;
+ int64_t availability_end_time;
+ int64_t publish_time;
+ int64_t minimum_update_period;
+ int64_t time_shift_buffer_depth;
+ int64_t min_buffer_time;
/* Period Attribute */
uint64_t period_duration;
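Review bot: `period_duration` on the context line directly below the converted fields stays `uint64_t`, so any expression that mixes it with the now-signed fields is converted back to unsigned by the usual arithmetic conversions and can wrap in the way the commit message describes. Either convert it in this change as well, or confirm that none of the calc_*_seg_no() expressions combine it with `availability_start_time`, `time_shift_buffer_depth` or `min_buffer_time`.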
@@ -180,12 +180,12 @@ static int aligned(int val)
return ((val + 0x3F) >> 6) << 6;
}
-static uint64_t get_current_time_in_sec(void)
+static int64_t get_current_time_in_sec(void)
{
return av_gettime() / 1000000;
}
-static uint64_t get_utc_date_time_insec(AVFormatContext *s, const char
*datetime)
+static int64_t get_utc_date_time_insec(AVFormatContext *s, const char
*datetime)
{
struct tm timeinfo;
int year = 0;
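Review bot: get_utc_date_time_insec() now returns a signed value, but nothing in this hunk documents the return contract, in particular what callers receive for a datetime string that fails to parse or that predates the epoch. A short comment above the function stating the unit (seconds since the Unix epoch) and the failure value would let the segment-number code rely on it now that negative results are representable.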
@@ -1456,7 +1456,7 @@ static int64_t calc_cur_seg_no(AVFormatContext *s, struct
representation *pls)
} else if (pls->fragment_duration){
av_log(s, AV_LOG_TRACE, "in fragment_duration mode
fragment_timescale = %"PRId64", presentation_timeoffset = %"PRId64"\n",
pls->fragment_timescale, pls->presentation_timeoffset);
if (pls->presentation_timeoffset) {
- num = pls->first_seq_no + (((get_current_time_in_sec() -
c->availability_start_time) *
pls->fragment_timescale)-pls->presentation_timeoffset) / pls->fragment_duration
- c->min_buffer_time;
+ num = pls->first_seq_no + ((get_current_time_in_sec() -
c->availability_start_time) * pls->fragment_timescale) / pls->fragment_duration
- c->min_buffer_time;
} else if (c->publish_time > 0 && !c->availability_start_time) {
if (c->min_buffer_time) {
num = pls->first_seq_no + (((c->publish_time +
pls->fragment_duration) - c->suggested_presentation_delay) *
pls->fragment_timescale) / pls->fragment_duration - c->min_buffer_time;
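Review bot: The added line in calc_cur_seg_no() drops `-pls->presentation_timeoffset` from the expression altogether, which the commit message does not mention; it describes only the uint64_t to int64_t type change. The result no longer depends on the offset even though it is still computed under `if (pls->presentation_timeoffset)`, so either explain in the commit message why the offset is intentionally ignored when deriving $Number$, or keep the subtraction and let the new signed types carry the negative intermediate. If the subtraction is meant to go, the branch condition is now redundant and should be folded away or commented.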