Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int' Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavutil/avsscanf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavutil/avsscanf.c b/libavutil/avsscanf.c index 1c85412fd4..850c117940 100644 --- a/libavutil/avsscanf.c +++ b/libavutil/avsscanf.c @@ -229,9 +229,9 @@ static long long scanexp(FFFILE *f, int pok) return LLONG_MIN; } for (x=0; c-'0'<10U && x<INT_MAX/10; c = shgetc(f)) - x = 10*x + c-'0'; + x = 10*x + (c-'0'); for (y=x; c-'0'<10U && y<LLONG_MAX/100; c = shgetc(f)) - y = 10*y + c-'0'; + y = 10*y + (c-'0'); for (; c-'0'<10U; c = shgetc(f)); shunget(f); return neg ? -y : y; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
