On Mon, Jan 18, 2016 at 2:59 PM, Luca Barbato <lu_z...@gentoo.org> wrote: > On 18/01/16 15:05, Arttu Ylä-Outinen wrote: >> On 2016-01-18 15:22, Luca Barbato wrote: >>> On 18/01/16 08:23, Arttu Ylä-Outinen wrote: >>>> I sent this to FFmpeg as well and they noticed that the multiplication >>>> might overflow. I'll send an updated patch soon. >>> >>> Ticks per frame is 1 or 2, any other value is highly unlikely if I >>> understand what's the problem at hand. >> >> Here's the updated version anyway (attached). >> > > I prefer the former, if somebody feels strongly about validating a > user-caused overflow: > > diff --git a/libavcodec/utils.c b/libavcodec/utils.c > index 29ba85f..e06ee66 100644 > --- a/libavcodec/utils.c > +++ b/libavcodec/utils.c > @@ -1049,6 +1049,16 @@ FF_ENABLE_DEPRECATION_WARNINGS > > if (!avctx->rc_initial_buffer_occupancy) > avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size > * 3 / 4; > + > + if (avctx->ticks_per_frame && > + avctx->ticks_per_frame > INT_MAX / avctx->time_base.num) { > + av_log(avctx, AV_LOG_ERROR, > + "ticks_per_frame %d too large for the timebase %d/%d.", > + avctx->ticks_per_frame, > + avctx->time_base.num, > + avctx->time_base.den); > + goto free_and_end; > + } > } > > if (avctx->codec->init && !(avctx->active_thread_type & > FF_THREAD_FRAME)) {
ok if squashed -- Vittorio _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel