File ffmpeg-CVE-2021-28429.patch of Package ffmpeg.32491
From c94875471e3ba3dc396c6919ff3ec9b14539cd71 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 1 Mar 2021 13:44:12 +0100
Subject: [PATCH] avutil/timecode: Avoid fps overflow
Fixes: Integer overflow and division by 0
Fixes: poc-202102-div.mov
Found-by: 1vanChen of NSFOCUS Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavutil/timecode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavutil/timecode.c b/libavutil/timecode.c
index b1b504edbf..2fc3295e25 100644
--- a/libavutil/timecode.c
+++ b/libavutil/timecode.c
@@ -114,8 +114,8 @@ char *av_timecode_make_string(const AVTimecode *tc, char *buf, int framenum)
}
ff = framenum % fps;
ss = framenum / fps % 60;
- mm = framenum / (fps*60) % 60;
- hh = framenum / (fps*3600);
+ mm = framenum / (fps*60LL) % 60;
+ hh = framenum / (fps*3600LL);
if (tc->flags & AV_TIMECODE_FLAG_24HOURSMAX)
hh = hh % 24;
snprintf(buf, AV_TIMECODE_STR_SIZE, "%s%02d:%02d:%02d%c%02d",
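Review bot: The two context lines `ff = framenum % fps;` and `ss = framenum / fps % 60;` still divide by `fps` with no guard visible in this hunk, since the commit widens only the `fps*60` and `fps*3600` products. The declaration and any validation of `fps` lie outside the hunk, as do the start and end of av_timecode_make_string, so this may already be covered. If `fps` is copied from `tc` unchecked, a zero or negative rate in a crafted file would still reach these divisions. In that case, add a check such as `if (fps <= 0)` before the `ff` line, returning whatever failure value callers already handle. It would also help to record why the suffix matters, for example `/* 64-bit product: fps*3600 can overflow int for large fps */` above the `mm` line, so a later cleanup does not drop the `LL`.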
--
2.25.1