From d73f0c586e7ef064e2f2a7cb7c84075543e3f010 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 12 Jan 2016 18:26:34 +0100
Subject: avformat/asfenc: Flush packet before duration becomes unrepresentable

Fixes: 0063df8be3aaa30dd6d76f59c8f818c8/signal_sigsegv_7b7b59_3634_bf418b6822bbfa68734411d96b667be3.mov
Fixes assertion failure

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/asfenc.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'libavformat/asfenc.c')

diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c
index 32b726bb29..90d5c26317 100644
--- a/libavformat/asfenc.c
+++ b/libavformat/asfenc.c
@@ -862,6 +862,11 @@ static void put_frame(AVFormatContext *s, ASFStream *stream, AVStream *avst,
                 flush_packet(s);
                 continue;
             }
+            if (asf->packet_timestamp_start > INT64_MAX - UINT16_MAX ||
+                timestamp > asf->packet_timestamp_start + UINT16_MAX) {
+                flush_packet(s);
+                continue;
+            }
         }
         if (frag_len1 > 0) {
             if (payload_len > frag_len1)
-- 
cgit v1.2.3