From aebb32748ea23e566c8db6be1b9177898a630384 Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Fri, 13 Oct 2023 10:48:25 +1100
Subject: [PATCH] Fix UB issue calculating the frame duration for images with FFMPEG
AVFormatContext::duration was used without checking it was set, calculations for the frame-rate cast -INT64_MAX to a double, scaled it then cast to an integer - overflowing. On my system the result was a negative number so the duration was never usable in practice. Add an explicit check for this so the duration is left at zero instead.
---
 source/blender/imbuf/intern/anim_movie.cc | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/source/blender/imbuf/intern/anim_movie.cc b/source/blender/imbuf/intern/anim_movie.cc
index f66940d8b04..a0431213bdd 100644
--- a/source/blender/imbuf/intern/anim_movie.cc
+++ b/source/blender/imbuf/intern/anim_movie.cc
@@ -558,10 +558,20 @@ static int startffmpeg(anim *anim)
 }
 }
 }
- /* Fall back to manually estimating the video stream duration. * This is because the video stream duration can be shorter than the pFormatCtx->duration. */
- if (anim->duration_in_frames == 0) {
+
+ if (anim->duration_in_frames != 0) {
+ /* Pass (already valid). */
+ }
+ else if (pFormatCtx->duration == AV_NOPTS_VALUE) {
+ /* The duration has not been set, happens for single JPEG2000 images. * NOTE: Leave the duration zeroed, although it could set to 1 so the file is recognized * as a movie with 1 frame, leave as-is since image loading code-paths are preferred * in this case. */
+ }
+ else {
+ /* Fall back to manually estimating the video stream duration. * This is because the video stream duration can be shorter than the `pFormatCtx->duration`. */
+ BLI_assert(anim->duration_in_frames == 0);
 double stream_dur;
 if (video_stream->duration != AV_NOPTS_VALUE) {