avformat/oggdec: Fix integer overflow with invalid pts If negative pts are possible for some codecs in ogg then the code needs to be changed to use signed values. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a867b948ed35b3f5b72ee714232c21d5f591e7aa)

commit: 75976ae026fdbedb14f006eec6cd9119c543aa7f [log] [tgz]
author: Michael Niedermayer <michael@niedermayer.cc> Wed Aug 03 13:34:40 2016 +0200
committer: Chris Cunningham <chcunningham@chromium.org> Wed Aug 03 16:22:03 2016 -0700
tree: 77d2cef082bd50b59b360105e89014c95736afb5
parent: 4e878f7f64d7a9f06ba076d0a2611d7f8b33d793 [diff]
diff --git a/chromium/patches/README b/chromium/patches/README
index 59eeb98..1f37c3e 100644
--- a/chromium/patches/README
+++ b/chromium/patches/README

@@ -9,6 +9,7 @@
   c1ed78a591f68f3c81eded0bfaac313937ffa3b6 - avformat/utils security fix.
   2be3007ed55f1513bcae3d2a076e71878f48eb03 - avformat/utils security fix.
   7e01d48cfd168c3dfc663f03a3b6a98e0ecba328 - avformat/mov security fix.
+  a867b948ed35b3f5b72ee714232c21d5f591e7aa - avformat/oggdec security fix.
 
 Autorename:
   autorename_* files are renamed copies of various files that would cause

diff --git a/libavformat/oggdec.h b/libavformat/oggdec.h
index d7af1cf..4a2b6dd 100644
--- a/libavformat/oggdec.h
+++ b/libavformat/oggdec.h

@@ -162,6 +162,11 @@
         if (dts)
             *dts = pts;
     }
+    if (pts > INT64_MAX && pts != AV_NOPTS_VALUE) {
+        // The return type is unsigned, we thus cannot return negative pts
+        av_log(s, AV_LOG_ERROR, "invalid pts %"PRId64"\n", pts);
+        pts = AV_NOPTS_VALUE;
+    }
 
     return pts;
 }
commit	75976ae026fdbedb14f006eec6cd9119c543aa7f	[log] [tgz]
author	Michael Niedermayer <michael@niedermayer.cc>	Wed Aug 03 13:34:40 2016 +0200
committer	Chris Cunningham <chcunningham@chromium.org>	Wed Aug 03 16:22:03 2016 -0700
tree	77d2cef082bd50b59b360105e89014c95736afb5
parent	4e878f7f64d7a9f06ba076d0a2611d7f8b33d793 [diff]