Overview

File ffmpeg-CVE-2021-28429.patch of Package ffmpeg

From c94875471e3ba3dc396c6919ff3ec9b14539cd71 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 1 Mar 2021 13:44:12 +0100
Subject: [PATCH] avutil/timecode: Avoid fps overflow

Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov

Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavutil/timecode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavutil/timecode.c b/libavutil/timecode.c
index b1b504edbf..2fc3295e25 100644
--- a/libavutil/timecode.c
+++ b/libavutil/timecode.c
@@ -114,8 +114,8 @@ char *av_timecode_make_string(const AVTimecode *tc, char *buf, int framenum)
     }
     ff = framenum % fps;
     ss = framenum / fps        % 60;
-    mm = framenum / (fps*60)   % 60;
-    hh = framenum / (fps*3600);
+    mm = framenum / (fps*60LL) % 60;
+    hh = framenum / (fps*3600LL);
     if (tc->flags & AV_TIMECODE_FLAG_24HOURSMAX)
         hh = hh % 24;
     snprintf(buf, AV_TIMECODE_STR_SIZE, "%s%02d:%02d:%02d%c%02d",
-- 
2.25.1
openSUSE Build Service is sponsored by
Places