There is probably a better place to check for this, but better here than nowhere
Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/sbgdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index 4cd12347e7b..5edb9664cc3 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -1317,6 +1317,8 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate, /* Pseudo event before the first one */ ev0 = s->events[s->nb_events - 1]; + if (av_sat_sub64(ev0.ts_int, period) != (uint64_t)ev0.ts_int - period) + return AVERROR_INVALIDDATA; ev0.ts_int -= period; ev0.ts_trans -= period; ev0.ts_next -= period; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
