With some (garbled) OGG data, PTS can overflow causing undefined behavior.
This patch avoids that by zeroing out PTS values greater than 2^62.
From 26a8582bc04f5bddc037ffcce99025e2f977abe0 Mon Sep 17 00:00:00 2001
From: Fredrik Hubinette <[email protected]>
Date: Mon, 16 Jul 2018 14:54:43 -0700
Subject: [PATCH] Avoid undefined behavior by limiting PTS to 62 bits in ogg
decoder
---
libavformat/oggdec.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavformat/oggdec.h b/libavformat/oggdec.h
index 4a2b6ddee8..798c74f671 100644
--- a/libavformat/oggdec.h
+++ b/libavformat/oggdec.h
@@ -162,8 +162,9 @@ ogg_gptopts (AVFormatContext * s, int i, uint64_t gp, int64_t *dts)
if (dts)
*dts = pts;
}
- if (pts > INT64_MAX && pts != AV_NOPTS_VALUE) {
+ if (pts > INT64_MAX / 2 && pts != AV_NOPTS_VALUE) {
// The return type is unsigned, we thus cannot return negative pts
+ // Limit the return value to 62 bits to avoid undefined behavior.
av_log(s, AV_LOG_ERROR, "invalid pts %"PRId64"\n", pts);
pts = AV_NOPTS_VALUE;
}
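Review bot: the tightened bound in "if (pts > INT64_MAX / 2 && pts != AV_NOPTS_VALUE)" only protects the returned pts, while the context lines directly above it ("if (dts) *dts = pts;") have already stored the unchecked value through the dts out-parameter, so a caller that consumes dts can still receive a value above the new limit. Consider resetting *dts to AV_NOPTS_VALUE inside the same branch, or doing the range check before the store. The added comment should also say which later arithmetic overflows and why INT64_MAX / 2 is the right cutoff, since neither is evident from this hunk. Note as well that the description speaks of zeroing out the value, whereas the branch assigns AV_NOPTS_VALUE; the wording should match the code.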
--
2.18.0.203.gfac676dfb9-goog
_______________________________________________
ffmpeg-devel mailing list
[email protected]
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel