avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows

Fixes integer overflow
Fixes: mozilla bug 1229167

Found-by: Tyson Smith
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f03c2ceec1)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/169/head
Michael Niedermayer 9 years ago
parent d295ddffe1
commit e04b039b15
  1. 13
      libavutil/mathematics.c

@ -77,7 +77,7 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd)
} }
if (a < 0) if (a < 0)
return -av_rescale_rnd(-FFMAX(a, -INT64_MAX), b, c, rnd ^ ((rnd >> 1) & 1)); return -(uint64_t)av_rescale_rnd(-FFMAX(a, -INT64_MAX), b, c, rnd ^ ((rnd >> 1) & 1));
if (rnd == AV_ROUND_NEAR_INF) if (rnd == AV_ROUND_NEAR_INF)
r = c / 2; r = c / 2;
@ -87,8 +87,13 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd)
if (b <= INT_MAX && c <= INT_MAX) { if (b <= INT_MAX && c <= INT_MAX) {
if (a <= INT_MAX) if (a <= INT_MAX)
return (a * b + r) / c; return (a * b + r) / c;
else else {
return a / c * b + (a % c * b + r) / c; int64_t ad = a / c;
int64_t a2 = (a % c * b + r) / c;
if (ad >= INT32_MAX && ad > (INT64_MAX - a2) / b)
return INT64_MIN;
return ad * b + a2;
}
} else { } else {
#if 1 #if 1
uint64_t a0 = a & 0xFFFFFFFF; uint64_t a0 = a & 0xFFFFFFFF;
@ -112,6 +117,8 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd)
t1++; t1++;
} }
} }
if (t1 > INT64_MAX)
return INT64_MIN;
return t1; return t1;
} }
#else #else

Loading…
Cancel
Save