ffmpeg | branch: release/4.4 | Michael Niedermayer <mich...@niedermayer.cc> | Wed Sep 15 21:52:00 2021 +0200| [71d776740c2e11ae48295f1d34941ce8871d62b3] | committer: Michael Niedermayer
avformat/mov: Fix last mfra check Fixes: signed integer overflow: 9223372036854775360 + 536870912 cannot be represented in type 'long' Fixes: 37940/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6095637855207424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> (cherry picked from commit 451ceb5131fa67b0b380d4823981e421909c16db) Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71d776740c2e11ae48295f1d34941ce8871d62b3 --- libavformat/mov.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 04dda63212..4af796ee31 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5148,7 +5148,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom) // See if the remaining bytes are just an mfra which we can ignore. is_complete = offset == stream_size; - if (!is_complete && (pb->seekable & AVIO_SEEKABLE_NORMAL)) { + if (!is_complete && (pb->seekable & AVIO_SEEKABLE_NORMAL) && stream_size > 0 ) { int64_t ret; int64_t original_pos = avio_tell(pb); if (!c->have_read_mfra_size) { @@ -5159,7 +5159,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom) if ((ret = avio_seek(pb, original_pos, SEEK_SET)) < 0) return ret; } - if (offset + c->mfra_size == stream_size) + if (offset == stream_size - c->mfra_size) is_complete = 1; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
