On Mon, Jan 18, 2016 at 2:59 PM, Luca Barbato <lu_z...@gentoo.org> wrote:
> On 18/01/16 15:05, Arttu Ylä-Outinen wrote:
>> On 2016-01-18 15:22, Luca Barbato wrote:
>>> On 18/01/16 08:23, Arttu Ylä-Outinen wrote:
>>>> I sent this to FFmpeg as well and they noticed that the multiplication
>>>> might overflow. I'll send an updated patch soon.
>>>
>>> Ticks per frame is 1 or 2, any other value is highly unlikely if I
>>> understand what's the problem at hand.
>>
>> Here's the updated version anyway (attached).
>>
>
> I prefer the former, if somebody feels strongly about validating a
> user-caused overflow:
>
> diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> index 29ba85f..e06ee66 100644
> --- a/libavcodec/utils.c
> +++ b/libavcodec/utils.c
> @@ -1049,6 +1049,16 @@ FF_ENABLE_DEPRECATION_WARNINGS
>
> if (!avctx->rc_initial_buffer_occupancy)
> avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size
> * 3 / 4;
> +
> + if (avctx->ticks_per_frame &&
> + avctx->ticks_per_frame > INT_MAX / avctx->time_base.num) {
> + av_log(avctx, AV_LOG_ERROR,
> + "ticks_per_frame %d too large for the timebase %d/%d.",
> + avctx->ticks_per_frame,
> + avctx->time_base.num,
> + avctx->time_base.den);
> + goto free_and_end;
> + }
> }
>
> if (avctx->codec->init && !(avctx->active_thread_type &
> FF_THREAD_FRAME)) {
ok if squashed
--
Vittorio
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
