From c0fbb6d5b7aab2e01125e30c69c0af4c07855e6f Mon Sep 17 00:00:00 2001
From: Jonathan Baudanza <jon@jonb.org>
Date: Wed, 8 Jan 2025 09:22:13 +0900
Subject: [PATCH] avformat/rtpdec: int overflow in start_time_realtime
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This was previously adjusted by me in 6b3f9c2e92b.
Unfortunately, I traded one integer overflow bug for
another.

Currently, NTP timestamps that exceed INT64_MAX
(~Jan 20, 1968) will cause an overflow when passed
to av_rescale.

This patch replaces av_rescale, which operates on
int64_t, with ff_parse_ntp_time, which operates on
uint64_t. This will give the correct values for
timestamps back around the NTP epoch and present day
timestamps.

Fixes ticket #11388.

Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavformat/rtsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index c48fa26d90..5ea471b40c 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -2320,7 +2320,7 @@ redo:
                 }
                 // Make real NTP start time available in AVFormatContext
                 if (s->start_time_realtime == AV_NOPTS_VALUE) {
-                    s->start_time_realtime = av_rescale (rtpctx->first_rtcp_ntp_time, 1000000, 1LL << 32) - NTP_OFFSET_US;
+                    s->start_time_realtime = ff_parse_ntp_time(rtpctx->first_rtcp_ntp_time) - NTP_OFFSET_US;
                     if (rtpctx->st) {
                         s->start_time_realtime -=
                             av_rescale_q (rtpctx->rtcp_ts_offset, rtpctx->st->time_base, AV_TIME_BASE_Q);