author | Oneric <oneric@oneric.stub> | 2022-04-16 00:10:11 +0200 |
---|---|---|
committer | Oneric <oneric@oneric.stub> | 2022-04-26 21:35:37 +0200 |
commit | 85c8c6d7be14cc2602b92ec715834b9c1069a325 (patch) | |
tree | 9711043ed47a26d73fe26c93198e73a9310eebcc /libass | |
parent | 5125a9af5ed36a12d444fdb9db60a86070a1e046 (diff) | |
parse: avoid UB on double to integer casts
Casting floating point values to an integer type is undefined
behaviour if it's not a regular number or the integral part cannot be
represented in the integer type.
This fixes issues found by UBSAN in libass' public OSS-Fuzz corpus
where NAN ("be") or a too large value ("k") was cast to int.
Sample IDs (one instance each; there are duplicates):
OSSFuzz-3617a28ea3900c2603059049ce4c70c01a535a3e
OSSFuzz-292a3032ea273cc9dbaaa0a4291dd84e0cc07c65
Diffstat (limited to 'libass')
-rw-r--r-- | libass/ass_parse.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/libass/ass_parse.c b/libass/ass_parse.c
index b566313..9dc59f3 100644
--- a/libass/ass_parse.c
+++ b/libass/ass_parse.c
@@ -768,10 +768,10 @@ char *parse_tags(ASS_Renderer *render_priv, char *p, char *end, double pwr,
 } else if (tag("be")) {
 double dval;
 if (nargs) {
- int val;
+ int32_t val;
 dval = argtod(*args);
 // VSFilter always adds +0.5, even if the value is negative
- val = (int) (render_priv->state.be * (1 - pwr) + dval * pwr + 0.5);
+ val = dtoi32(render_priv->state.be * (1 - pwr) + dval * pwr + 0.5);
 // Clamp to a safe upper limit, since high values need excessive CPU
 val = (val < 0) ? 0 : val;
 val = (val > MAX_BE) ? MAX_BE : val;
@@ -816,7 +816,7 @@ char *parse_tags(ASS_Renderer *render_priv, char *p, char *end, double pwr,
 if (render_priv->state.effect_timing)
 render_priv->state.effect_skip_timing +=
 render_priv->state.effect_timing;
- render_priv->state.effect_timing = val * 10;
+ render_priv->state.effect_timing = dtoi32(val * 10);
 } else if (tag("shad")) {
 double val, xval, yval;
 if (nargs) {
 |
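Review bot: In the `be` branch, what a NaN or over-large argument becomes now depends on what `dtoi32` returns for unrepresentable input, and nothing at the call site says what that is. If the helper yields 0 (its definition is outside this diff), a huge `\be` value becomes no blur instead of saturating at MAX_BE, and the clamp on the following lines never sees the large value. Either record the choice next to the call, e.g. `// dtoi32 maps NaN and out-of-range input to <value>, so such \be arguments act as be=<value>`, or clamp the double to `[0, MAX_BE]` before converting so large values saturate. parse_tags starts and ends outside the hunk.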
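Review bot: The accumulation directly above the changed line, `render_priv->state.effect_skip_timing += render_priv->state.effect_timing;`, is still unbounded after this change. `dtoi32` limits each stored `effect_timing` to the int32 range, but repeated karaoke tags with large durations add those values together, which is signed overflow if both fields are plain `int` (their declarations are outside the hunk). Since this path is reached by fuzzed input, consider guarding the add, e.g. `if (render_priv->state.effect_skip_timing <= INT_MAX - render_priv->state.effect_timing)` before the `+=` for non-negative timings, or doing the sum in a wider type and bounding the result. The enclosing branch begins outside the hunk, so the type of `val` here could not be checked either.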