h264parse, h265parse: Fix potential integer overflow

Fixes: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2961
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5295>
This commit is contained in:
Seungha Yang 2023-09-07 20:06:02 +09:00 committed by GStreamer Marge Bot
parent 962384846d
commit efe35a3f6c
2 changed files with 50 additions and 32 deletions

View file

@ -3384,7 +3384,8 @@ gst_h264_parse_pre_push_frame (GstBaseParse * parse, GstBaseParseFrame * frame)
GstH264ClockTimestamp *tim =
&h264parse->pic_timing_sei.clock_timestamp[i];
gint field_count = -1;
guint n_frames;
guint64 n_frames_tmp;
guint n_frames = G_MAXUINT32;
GstVideoTimeCodeFlags flags = 0;
guint64 scale_n, scale_d;
@ -3459,12 +3460,19 @@ gst_h264_parse_pre_push_frame (GstBaseParse * parse, GstBaseParseFrame * frame)
* using time_scale / num_units_in_tick
* => "n_frames = nFrames * (1 + nuit_field_based_flag) / 2".
*/
scale_n = h264parse->parsed_fps_n * vui->num_units_in_tick
* (1 + tim->nuit_field_based_flag);
scale_d = h264parse->parsed_fps_d * vui->time_scale;
scale_n = (guint64) h264parse->parsed_fps_n * vui->num_units_in_tick;
scale_d = (guint64) h264parse->parsed_fps_d * vui->time_scale;
n_frames = gst_util_uint64_scale (tim->n_frames, scale_n, scale_d);
n_frames_tmp = gst_util_uint64_scale (tim->n_frames, scale_n, scale_d);
if (n_frames_tmp <= G_MAXUINT32) {
if (tim->nuit_field_based_flag)
n_frames_tmp *= 2;
if (n_frames_tmp <= G_MAXUINT32)
n_frames = (guint) n_frames_tmp;
}
if (n_frames != G_MAXUINT32) {
GST_LOG_OBJECT (h264parse,
"Add time code meta %02u:%02u:%02u:%02u",
tim->hours_value, tim->minutes_value, tim->seconds_value, n_frames);
@ -3478,6 +3486,7 @@ gst_h264_parse_pre_push_frame (GstBaseParse * parse, GstBaseParseFrame * frame)
tim->minutes_flag ? tim->minutes_value : 0,
tim->seconds_flag ? tim->seconds_value : 0, n_frames, field_count);
}
}
h264parse->num_clock_timestamp = 0;
}

View file

@ -3055,7 +3055,8 @@ gst_h265_parse_pre_push_frame (GstBaseParse * parse, GstBaseParseFrame * frame)
for (i = 0; i < h265parse->time_code.num_clock_ts; i++) {
gint field_count = -1;
guint n_frames;
guint64 n_frames_tmp;
guint n_frames = G_MAXUINT32;
GstVideoTimeCodeFlags flags = 0;
guint64 scale_n, scale_d;
@ -3128,14 +3129,21 @@ gst_h265_parse_pre_push_frame (GstBaseParse * parse, GstBaseParseFrame * frame)
* = nFrames * ------------------------------------------------------------------
* fps_d * vui_time_scale
*/
scale_n = h265parse->parsed_fps_n * vui->num_units_in_tick
* (1 + h265parse->time_code.units_field_based_flag[i]);
scale_d = h265parse->parsed_fps_d * vui->time_scale;
scale_n = (guint64) h265parse->parsed_fps_n * vui->num_units_in_tick;
scale_d = (guint64) h265parse->parsed_fps_d * vui->time_scale;
n_frames =
n_frames_tmp =
gst_util_uint64_scale_int (h265parse->time_code.n_frames[i], scale_n,
scale_d);
if (n_frames_tmp <= G_MAXUINT32) {
if (h265parse->time_code.units_field_based_flag[i])
n_frames_tmp *= 2;
if (n_frames_tmp <= G_MAXUINT32)
n_frames = (guint) n_frames_tmp;
}
if (n_frames != G_MAXUINT32) {
gst_buffer_add_video_time_code_meta_full (parse_buffer,
h265parse->parsed_fps_n,
h265parse->parsed_fps_d,
@ -3149,6 +3157,7 @@ gst_h265_parse_pre_push_frame (GstBaseParse * parse, GstBaseParseFrame * frame)
seconds_value[i] : 0, n_frames, field_count);
}
}
}
gst_video_push_user_data ((GstElement *) h265parse, &h265parse->user_data,
parse_buffer);