avfilter/avf_concat: check for possible integer overflow

Also check that segment delta pts is always bigger than input pts. There is nothing much currently that can be done to recover from this situation so just return AVERROR_INVALIDDATA error code.
author: Paul B Mahol <onemda@gmail.com> 2020-09-13 13:33:49 +0200
committer: Paul B Mahol <onemda@gmail.com> 2020-09-14 18:16:42 +0200
commit: 05c8d0bce64888c5312822fbc9cdb63934b86519 (patch)
tree: fd5c1fb8eb7b9f75607a58537675f995525bd598
parent: 17b44f759e8cbb6952c0ae2dde5fd21adb163651 (diff)
download: ffmpeg-05c8d0bce64888c5312822fbc9cdb63934b86519.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavfilter/avf_concat.c b/libavfilter/avf_concat.c
index 5608ed9ac6..df6414704d 100644
--- a/libavfilter/avf_concat.c
+++ b/libavfilter/avf_concat.c
@@ -251,6 +251,10 @@ static int send_silence(AVFilterContext *ctx, unsigned in_no, unsigned out_no,
 
     if (!rate_tb.den)
         return AVERROR_BUG;
+    if (cat->in[in_no].pts < INT64_MIN + seg_delta)
+        return AVERROR_INVALIDDATA;
+    if (seg_delta < cat->in[in_no].pts)
+        return AVERROR_INVALIDDATA;
     nb_samples = av_rescale_q(seg_delta - cat->in[in_no].pts,
                               outlink->time_base, rate_tb);
     frame_nb_samples = FFMAX(9600, rate_tb.den / 5); /* arbitrary */
author	Paul B Mahol <onemda@gmail.com>	2020-09-13 13:33:49 +0200
committer	Paul B Mahol <onemda@gmail.com>	2020-09-14 18:16:42 +0200
commit	05c8d0bce64888c5312822fbc9cdb63934b86519 (patch)
tree	fd5c1fb8eb7b9f75607a58537675f995525bd598
parent	17b44f759e8cbb6952c0ae2dde5fd21adb163651 (diff)
download	ffmpeg-05c8d0bce64888c5312822fbc9cdb63934b86519.tar.gz