From 05c8d0bce64888c5312822fbc9cdb63934b86519 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Sun, 13 Sep 2020 13:33:49 +0200 Subject: [PATCH] avfilter/avf_concat: check for possible integer overflow Also check that segment delta pts is always bigger than input pts. There is nothing much currently that can be done to recover from this situation so just return AVERROR_INVALIDDATA error code. --- libavfilter/avf_concat.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavfilter/avf_concat.c b/libavfilter/avf_concat.c index 5608ed9ac6..df6414704d 100644 --- a/libavfilter/avf_concat.c +++ b/libavfilter/avf_concat.c @@ -251,6 +251,10 @@ static int send_silence(AVFilterContext *ctx, unsigned in_no, unsigned out_no, if (!rate_tb.den) return AVERROR_BUG; + if (cat->in[in_no].pts < INT64_MIN + seg_delta) + return AVERROR_INVALIDDATA; + if (seg_delta < cat->in[in_no].pts) + return AVERROR_INVALIDDATA; nb_samples = av_rescale_q(seg_delta - cat->in[in_no].pts, outlink->time_base, rate_tb); frame_nb_samples = FFMAX(9600, rate_tb.den / 5); /* arbitrary */