[FFmpeg-devel] [PATCH 2/7] avformat/realtextdec: read_ts() in 64bits

Thu, 05 Nov 2020 15:13:14 -0800 

Fixes: signed integer overflow: 46671062 * 100 cannot be represented in type 
'int'
Fixes: 
26826/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-5644062910316544

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavformat/realtextdec.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/libavformat/realtextdec.c b/libavformat/realtextdec.c
index c2316da0ed..390f8ddc67 100644
--- a/libavformat/realtextdec.c
+++ b/libavformat/realtextdec.c
@@ -45,16 +45,16 @@ static int realtext_probe(const AVProbeData *p)
     return !av_strncasecmp(buf, "<window", 7) ? AVPROBE_SCORE_EXTENSION : 0;
 }
 
-static int read_ts(const char *s)
+static int64_t read_ts(const char *s)
 {
     int hh, mm, ss, ms;
 
-    if (sscanf(s, "%u:%u:%u.%u", &hh, &mm, &ss, &ms) == 4) return (hh*3600 + 
mm*60 + ss) * 100 + ms;
-    if (sscanf(s, "%u:%u:%u"   , &hh, &mm, &ss     ) == 3) return (hh*3600 + 
mm*60 + ss) * 100;
-    if (sscanf(s,    "%u:%u.%u",      &mm, &ss, &ms) == 3) return (          
mm*60 + ss) * 100 + ms;
-    if (sscanf(s,    "%u:%u"   ,      &mm, &ss     ) == 2) return (          
mm*60 + ss) * 100;
-    if (sscanf(s,       "%u.%u",           &ss, &ms) == 2) return (            
      ss) * 100 + ms;
-    return strtol(s, NULL, 10) * 100;
+    if (sscanf(s, "%u:%u:%u.%u", &hh, &mm, &ss, &ms) == 4) return (hh*3600LL + 
mm*60LL + ss) * 100LL + ms;
+    if (sscanf(s, "%u:%u:%u"   , &hh, &mm, &ss     ) == 3) return (hh*3600LL + 
mm*60LL + ss) * 100LL;
+    if (sscanf(s,    "%u:%u.%u",      &mm, &ss, &ms) == 3) return (            
mm*60LL + ss) * 100LL + ms;
+    if (sscanf(s,    "%u:%u"   ,      &mm, &ss     ) == 2) return (            
mm*60LL + ss) * 100LL;
+    if (sscanf(s,       "%u.%u",           &ss, &ms) == 2) return (            
          ss) * 100LL + ms;
+    return strtol(s, NULL, 10) * 100LL;
 }
 
 static int realtext_read_header(AVFormatContext *s)
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to