Commit 86835f9f authored by Filip Roséen's avatar Filip Roséen Committed by Rémi Denis-Courmont
Browse files

demux/asf: prevent signed integer overflow (fixes #17579)



The previous implementation could overflow the mtime_t when
multiplying p_sys->p_fp->i_preroll by a thousand when converting from
the asf time unit (milliseconds) to VLCs (microseconds).

Given that you can always divide a value without running into issues
in terms of under/overflow, these changes prevent any overflow error
while still preserving the same logic.

In short the implementation takes advantage of the below two
conditions being equivalent:

   1: A > ( ( B * C ) + D )
   2: ( ( A - D ) / C ) > B
Signed-off-by: Rémi Denis-Courmont's avatarRémi Denis-Courmont <remi@remlab.net>
parent a9a94b22
...@@ -212,7 +212,8 @@ static int Demux( demux_t *p_demux ) ...@@ -212,7 +212,8 @@ static int Demux( demux_t *p_demux )
tk->b_selected = false; tk->b_selected = false;
} }
while( !p_sys->b_eos && p_sys->i_sendtime - p_sys->i_time < (mtime_t)p_sys->p_fp->i_preroll * 1000 + CHUNK ) while( !p_sys->b_eos && ( ( p_sys->i_sendtime - p_sys->i_time - CHUNK ) /
UINT64_C( 1000 ) < p_sys->p_fp->i_preroll ) )
{ {
/* Read and demux a packet */ /* Read and demux a packet */
if( DemuxASFPacket( &p_sys->packet_sys, if( DemuxASFPacket( &p_sys->packet_sys,
...@@ -239,8 +240,8 @@ static int Demux( demux_t *p_demux ) ...@@ -239,8 +240,8 @@ static int Demux( demux_t *p_demux )
p_sys->i_time = p_sys->i_sendtime; p_sys->i_time = p_sys->i_sendtime;
} }
if( p_sys->b_eos || if( p_sys->b_eos || ( ( p_sys->i_sendtime - p_sys->i_time - CHUNK ) /
(p_sys->i_sendtime >= p_sys->i_time + (mtime_t)p_sys->p_fp->i_preroll * 1000 + CHUNK) ) UINT64_C( 1000 ) >= p_sys->p_fp->i_preroll ) )
{ {
bool b_data = Block_Dequeue( p_demux, p_sys->i_time + CHUNK ); bool b_data = Block_Dequeue( p_demux, p_sys->i_time + CHUNK );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment