PR #23260 opened by stevenliu URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23260 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23260.patch
fix issue: issues/23238 Several time-related fields in DASHContext were declared as uint64_t, causing the arithmetic in calc_cur_seg_no(), calc_min_seg_no(), and calc_max_seg_no() to be performed with unsigned semantics. The expression: (get_current_time_in_sec() - availability_start_time) * fragment_timescale is uint64_t throughout. When presentationTimeOffset is large (e.g. an absolute epoch-based timestamp common in DVB-DASH live streams), the subsequent subtraction: uint64_t_result - presentation_timeoffset wraps around to a value near 2^64, because the elapsed wall-clock time in timescale ticks is far smaller than the absolute presentation time offset. The enormous quotient ends up truncated to int32_t when passed to ff_dash_fill_tmpl_params(), producing a negative $Number$ value in the segment URL and causing repeated HTTP 403 errors. Fix this by changing the affected fields and the two helper functions (get_current_time_in_sec, get_utc_date_time_insec) from uint64_t to int64_t. All values involved are well within the int64_t range (Unix timestamps in seconds and ISO 8601 durations), and the arithmetic naturally needs signed semantics because intermediate sub-expressions like (elapsed - time_shift_buffer_depth) can be negative at stream start. Signed-off-by: Steven Liu <[email protected]> >From 6df22e683c1b3f60b9000faf0040830a6d7977e3 Mon Sep 17 00:00:00 2001 From: Steven Liu <[email protected]> Date: Wed, 27 May 2026 12:16:16 +0800 Subject: [PATCH] avformat/dashdec: fix unsigned integer overflow in segment number calculation fix issue: issues/23238 Several time-related fields in DASHContext were declared as uint64_t, causing the arithmetic in calc_cur_seg_no(), calc_min_seg_no(), and calc_max_seg_no() to be performed with unsigned semantics. The expression: (get_current_time_in_sec() - availability_start_time) * fragment_timescale is uint64_t throughout. When presentationTimeOffset is large (e.g. an absolute epoch-based timestamp common in DVB-DASH live streams), the subsequent subtraction: uint64_t_result - presentation_timeoffset wraps around to a value near 2^64, because the elapsed wall-clock time in timescale ticks is far smaller than the absolute presentation time offset. The enormous quotient ends up truncated to int32_t when passed to ff_dash_fill_tmpl_params(), producing a negative $Number$ value in the segment URL and causing repeated HTTP 403 errors. Fix this by changing the affected fields and the two helper functions (get_current_time_in_sec, get_utc_date_time_insec) from uint64_t to int64_t. All values involved are well within the int64_t range (Unix timestamps in seconds and ISO 8601 durations), and the arithmetic naturally needs signed semantics because intermediate sub-expressions like (elapsed - time_shift_buffer_depth) can be negative at stream start. Signed-off-by: Steven Liu <[email protected]> --- libavformat/dashdec.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index bed82fcf45..bffd015884 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -137,14 +137,14 @@ typedef struct DASHContext { struct representation **subtitles; /* MediaPresentationDescription Attribute */ - uint64_t media_presentation_duration; - uint64_t suggested_presentation_delay; - uint64_t availability_start_time; - uint64_t availability_end_time; - uint64_t publish_time; - uint64_t minimum_update_period; - uint64_t time_shift_buffer_depth; - uint64_t min_buffer_time; + int64_t media_presentation_duration; + int64_t suggested_presentation_delay; + int64_t availability_start_time; + int64_t availability_end_time; + int64_t publish_time; + int64_t minimum_update_period; + int64_t time_shift_buffer_depth; + int64_t min_buffer_time; /* Period Attribute */ uint64_t period_duration; @@ -180,12 +180,12 @@ static int aligned(int val) return ((val + 0x3F) >> 6) << 6; } -static uint64_t get_current_time_in_sec(void) +static int64_t get_current_time_in_sec(void) { return av_gettime() / 1000000; } -static uint64_t get_utc_date_time_insec(AVFormatContext *s, const char *datetime) +static int64_t get_utc_date_time_insec(AVFormatContext *s, const char *datetime) { struct tm timeinfo; int year = 0; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
