avformat/asfenc: Check pts

Fixes integer overflow Fixes: 0063df8be3aaa30dd6d76f59c8f818c8/signal_sigsegv_7b7b59_3634_bf418b6822bbfa68734411d96b667be3.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7c0b84d89911b2035161f5ef51aafbfcc84aa9e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2016-01-12 18:49:20 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2016-01-31 00:25:20 +0100
commit: 937f3058fa231cecd301fb1012e27807fd44f54b (patch)
tree: a9e9eff830d3089e40a9295348a8141c542d6292 /libavformat/asfenc.c
parent: 78f9c7dd14bec61fd0c33ddd4e2f6775c2045cad (diff)
download: ffmpeg-937f3058fa231cecd301fb1012e27807fd44f54b.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c
index ece840eba6..6d8bfcf9e4 100644
--- a/libavformat/asfenc.c
+++ b/libavformat/asfenc.c
@@ -929,6 +929,11 @@ static int asf_write_packet(AVFormatContext *s, AVPacket *pkt)
 
     pts = (pkt->pts != AV_NOPTS_VALUE) ? pkt->pts : pkt->dts;
     av_assert0(pts != AV_NOPTS_VALUE);
+    if (   pts < - PREROLL_TIME
+        || pts > (INT_MAX-3)/10000LL * ASF_INDEXED_INTERVAL - PREROLL_TIME) {
+        av_log(s, AV_LOG_ERROR, "input pts %"PRId64" is invalid\n", pts);
+        return AVERROR(EINVAL);
+    }
     pts *= 10000;
     asf->duration = FFMAX(asf->duration, pts + pkt->duration * 10000);
author	Michael Niedermayer <michael@niedermayer.cc>	2016-01-12 18:49:20 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2016-01-31 00:25:20 +0100
commit	937f3058fa231cecd301fb1012e27807fd44f54b (patch)
tree	a9e9eff830d3089e40a9295348a8141c542d6292 /libavformat/asfenc.c
parent	78f9c7dd14bec61fd0c33ddd4e2f6775c2045cad (diff)
download	ffmpeg-937f3058fa231cecd301fb1012e27807fd44f54b.tar.gz