SHA256
1
0
forked from pool/ffmpeg-4
ffmpeg-4/ffmpeg-4-CVE-2023-51798.patch

41 lines
1.6 KiB
Diff
Raw Normal View History

From 68146f06f852078866b3ef1564556e3a272920c7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 30 Dec 2023 02:51:32 +0100
Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
References: https://bugzilla.opensuse.org/1223304
References: CVE-2023-51798
Fixes: FPE
Fixes: tickets/10758/poc20ffmpeg
Discovered by Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavfilter/vf_minterpolate.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
index 9920210ece..b2242a15ee 100644
--- a/libavfilter/vf_minterpolate.c
+++ b/libavfilter/vf_minterpolate.c
@@ -1075,8 +1075,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
(int64_t) outlink->time_base.den * inlink->time_base.num);
- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
- alpha = av_clip(alpha, 0, ALPHA_MAX);
+ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
+ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
+ alpha = av_clip(alpha, 0, ALPHA_MAX);
+ } else {
+ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
+ alpha = 0;
+ }
if (alpha == 0 || alpha == ALPHA_MAX) {
av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
--
2.44.0