ffmpeg/FFmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-09-19 12:56:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/xsubdec: Check parse_timecode()

Browse Source 
Fixes: CID1604490 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2024-07-05 02:21:42 +02:00
parent ba63e32957
commit 96fd9417e2
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libavcodec/xsubdec.c
View File

@ -60,6 +60,7 @@ static int decode_frame(AVCodecContext *avctx, AVSubtitle *sub,
int64_t packet_time = 0;
GetBitContext gb;
int has_alpha = avctx->codec_tag == MKTAG('D','X','S','A');
int64_t start_display_time, end_display_time;
// check that at least header fits
if (buf_size < 27 + 7 * 2 + 4 * (3 + has_alpha)) {
@ -74,8 +75,14 @@ static int decode_frame(AVCodecContext *avctx, AVSubtitle *sub,
}
if (avpkt->pts != AV_NOPTS_VALUE)
packet_time = av_rescale_q(avpkt->pts, AV_TIME_BASE_Q, (AVRational){1, 1000});
sub->start_display_time = parse_timecode(buf + 1, packet_time);
sub->end_display_time = parse_timecode(buf + 14, packet_time);
sub->start_display_time = start_display_time = parse_timecode(buf + 1, packet_time);
sub->end_display_time = end_display_time = parse_timecode(buf + 14, packet_time);
if (sub->start_display_time != start_display_time ||
sub-> end_display_time != end_display_time) {
av_log(avctx, AV_LOG_ERROR, "time code not representable in 32bit\n");
return -1;
}
buf += 27;
// read header