ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Sun Jul 19 16:20:52 2020 +0200| [b6663adaae948a66574dff58923a862774663439] | committer: Michael Niedermayer
avformat/sbgdec: Check for overflow in parse_timestamp() Fixes: signed integer overflow: 33986707200000000 + 9195561788997000192 cannot be represented in type 'long' Fixes: 23790/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6554232198266880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <geo...@nsup.org> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b6663adaae948a66574dff58923a862774663439 --- libavformat/sbgdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index de1de271bb..c11244ef3d 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -474,6 +474,8 @@ static int parse_timestamp(struct sbg_parser *p, while (lex_char(p, '+')) { if (!lex_time(p, &dt)) return AVERROR_INVALIDDATA; + if (av_sat_add64(rel, dt) - dt != rel) + return AVERROR_INVALIDDATA; rel += dt; r = 1; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
