From f502583663eb2cacfd7f5bb29b39420a970d4fb4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 23 Jan 2016 01:49:21 +0100 Subject: avcodec/mpeg4videoenc: Use 64bit for time variables Fixes assertion failure and integer overflow Fixes: fc677bbea2c6f901763eb637b61fa5e2/signal_sigabrt_7ffff6ae7cb7_9556_dfd95f040a69f725d1b2f861bd491725.ivf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/mpeg4videoenc.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/libavcodec/mpeg4videoenc.c b/libavcodec/mpeg4videoenc.c index 4c1bce87a2..1ba92381ec 100644 --- a/libavcodec/mpeg4videoenc.c +++ b/libavcodec/mpeg4videoenc.c @@ -1088,8 +1088,8 @@ static void mpeg4_encode_vol_header(MpegEncContext *s, /* write mpeg4 VOP header */ int ff_mpeg4_encode_picture_header(MpegEncContext *s, int picture_number) { - int time_incr; - int time_div, time_mod; + uint64_t time_incr; + int64_t time_div, time_mod; if (s->pict_type == AV_PICTURE_TYPE_I) { if (!(s->avctx->flags & AV_CODEC_FLAG_GLOBAL_HEADER)) { @@ -1111,11 +1111,10 @@ int ff_mpeg4_encode_picture_header(MpegEncContext *s, int picture_number) time_div = FFUDIV(s->time, s->avctx->time_base.den); time_mod = FFUMOD(s->time, s->avctx->time_base.den); time_incr = time_div - s->last_time_base; - av_assert0(time_incr >= 0); // This limits the frame duration to max 1 hour if (time_incr > 3600) { - av_log(s->avctx, AV_LOG_ERROR, "time_incr %d too large\n", time_incr); + av_log(s->avctx, AV_LOG_ERROR, "time_incr %"PRIu64" too large\n", time_incr); return AVERROR(EINVAL); } while (time_incr--) -- cgit v1.2.3