avformat/oggdec: Fix integer overflow with invalid pts
If negative pts are possible for some codecs in ogg then the code needs to be
changed to use signed values.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a867b948ed35b3f5b72ee714232c21d5f591e7aa)
diff --git a/chromium/patches/README b/chromium/patches/README
index 59eeb98..1f37c3e 100644
--- a/chromium/patches/README
+++ b/chromium/patches/README
@@ -9,6 +9,7 @@
c1ed78a591f68f3c81eded0bfaac313937ffa3b6 - avformat/utils security fix.
2be3007ed55f1513bcae3d2a076e71878f48eb03 - avformat/utils security fix.
7e01d48cfd168c3dfc663f03a3b6a98e0ecba328 - avformat/mov security fix.
+ a867b948ed35b3f5b72ee714232c21d5f591e7aa - avformat/oggdec security fix.
Autorename:
autorename_* files are renamed copies of various files that would cause
diff --git a/libavformat/oggdec.h b/libavformat/oggdec.h
index d7af1cf..4a2b6dd 100644
--- a/libavformat/oggdec.h
+++ b/libavformat/oggdec.h
@@ -162,6 +162,11 @@
if (dts)
*dts = pts;
}
+ if (pts > INT64_MAX && pts != AV_NOPTS_VALUE) {
+ // The return type is unsigned, we thus cannot return negative pts
+ av_log(s, AV_LOG_ERROR, "invalid pts %"PRId64"\n", pts);
+ pts = AV_NOPTS_VALUE;
+ }
return pts;
}