Fixes: signed integer overflow: 2788626175500000000 + 7118941284000000000 cannot be represented in type 'long' Fixes: 35215/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6123272247836672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/sbgdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index dafdc4a1cc..0a6e927e57 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -935,6 +935,9 @@ static int expand_timestamps(void *log, struct sbg_script *s) } if (s->start_ts == AV_NOPTS_VALUE) s->start_ts = (s->opt_start_at_first && s->tseq) ? s->tseq[0].ts.t : now; + if (av_sat_add64(s->start_ts, s->opt_duration) != s->start_ts + (uint64_t)s->opt_duration) + return AVERROR_INVALIDDATA; + s->end_ts = s->opt_duration ? s->start_ts + s->opt_duration : AV_NOPTS_VALUE; /* may be overridden later by -E option */ cur_ts = now; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".