Re: [FFmpeg-devel] [PATCH] libavformat/mov: limit nb_frames_for_fps to INT_MAX
It's this or add overflow detection in mov_read_header().
---
libavformat/mov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index d5ce077e63..247a65ed11 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2940,7 +2940,7 @@ static int mov_read_stts(MOVContext *c,
AVIOContext *pb, MOVAtom atom)
if (duration > 0 &&
duration <= INT64_MAX - sc->duration_for_fps &&
-total_sample_count <= INT64_MAX - sc->nb_frames_for_fps
+total_sample_count <= INT_MAX - sc->nb_frames_for_fps
) {
sc->duration_for_fps += duration;
sc->nb_frames_for_fps += total_sample_count;
@@ -4897,7 +4897,7 @@ static int mov_read_trun(MOVContext *c,
AVIOContext *pb, MOVAtom atom)
sc->data_size += sample_size;
if (sample_duration <= INT64_MAX - sc->duration_for_fps &&
-1 <= INT64_MAX - sc->nb_frames_for_fps
+1 <= INT_MAX - sc->nb_frames_for_fps
) {
sc->duration_for_fps += sample_duration;
sc->nb_frames_for_fps ++;
--
2.21.0.593.g511ec345e18-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] libavformat/mov: limit nb_frames_for_fps to INT_MAX
--- Begin Message ---
Fixes: UBSan runtime error
Found-by: Clusterfuzz
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index d5ce077e63..7e7de5962d 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2940,7 +2940,7 @@ static int mov_read_stts(MOVContext *c,
AVIOContext *pb, MOVAtom atom)
if (duration > 0 &&
duration <= INT64_MAX - sc->duration_for_fps &&
-total_sample_count <= INT64_MAX - sc->nb_frames_for_fps
+total_sample_count <= INT_MAX - sc->nb_frames_for_fps
) {
sc->duration_for_fps += duration;
sc->nb_frames_for_fps += total_sample_count;
--
2.21.0.593.g511ec345e18-goog
--- End Message ---
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH] avformat/apetag: tag values are unsigned
> > +#define APE_TAG_FLAG_CONTAINS_HEADER (1U << 31) > > Isn't it enough with this one only? Yes, only APE_TAG_FLAG_CONTAINS_HEADER is problematic. I changed all of them because the tags are only used in unsigned contexts anyway. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] avformat/apetag: tag values are unsigned
Fixes: UBSan runtime error
Found-by: Clusterfuzz
---
libavformat/apetag.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavformat/apetag.c b/libavformat/apetag.c
index cdc602e1a9..2991f57d5d 100644
--- a/libavformat/apetag.c
+++ b/libavformat/apetag.c
@@ -29,10 +29,10 @@
#include "apetag.h"
#include "internal.h"
-#define APE_TAG_FLAG_CONTAINS_HEADER (1 << 31)
-#define APE_TAG_FLAG_LACKS_FOOTER (1 << 30)
-#define APE_TAG_FLAG_IS_HEADER(1 << 29)
-#define APE_TAG_FLAG_IS_BINARY(1 << 1)
+#define APE_TAG_FLAG_CONTAINS_HEADER (1U << 31)
+#define APE_TAG_FLAG_LACKS_FOOTER (1U << 30)
+#define APE_TAG_FLAG_IS_HEADER(1U << 29)
+#define APE_TAG_FLAG_IS_BINARY(1U << 1)
static int ape_tag_read_field(AVFormatContext *s)
{
--
2.21.0.392.gf8f6787159e-goog
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH] lavf/mov: add support for sidx fragment indexes
Michael, I wanted to check if you have you looked into this playback issue, or were planning to? - Dan ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] lavf/mov: add support for sidx fragment indexes
I took a look at the structure of this file, and the encoding appears to be correct. The frame order in the moof boxes matches the H.264 stream, and the durations of the moof boxes match with the sidx. Some notes to help with analysis: There are no per-frame durations specified, every frame is exactly 3000 time units long (=1s/30). The first frame PTS is 3000, but there is an edit list to shift that to movie time 0. The fragments contain 152 frames each, and the base times of the fragments reflect that correctly. On Fri, Dec 11, 2015 at 2:39 PM Dale Curtis wrote: > This patch seems to be causing some issues with some h264 video-only > content. Attempting to play the following in ffplay with "-v debug -drp 1" > (disables pts/dts fixups and purely uses pts) will cause jerky playback > after seeking around a few times due to dropped out of order frames. These > are shown in the log as "invalid dts/pts combination..." Skipping sidx > parsing for this file yields smooth playback. I haven't figured out yet if > this is bad encoding or something is wrong with the patch, but FYI. > > http://storage.googleapis.com/dalecurtis-shared/buck480p30_na.mp4 > > - dale > > On Tue, Oct 6, 2015 at 9:18 AM, Michael Niedermayer < > mich...@niedermayer.cc> wrote: > >> On Tue, Oct 06, 2015 at 03:50:23AM -0500, Rodger Combs wrote: >> > Fixes trac #3842 >> > --- >> > libavformat/isom.h | 2 + >> > libavformat/mov.c | 245 >> - >> > 2 files changed, 208 insertions(+), 39 deletions(-) >> >> i think this should be applied unless someone has more comments >> >> [...] > > >> -- >> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB >> >> If you think the mosad wants you dead since a long time then you are >> either >> wrong or dead since a long time. >> >> ___ >> ffmpeg-devel mailing list >> ffmpeg-devel@ffmpeg.org >> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel >> >> ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
