On Sun, May 28, 2023 at 08:53:49PM +0200, Marton Balint wrote: > > > On Thu, 25 May 2023, Michael Niedermayer wrote: > > > Fixes: signed integer overflow: -9223372036854775808 - 2082844800 cannot be > > represented in type 'long' > > Fixes: > > 58384/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6428383700713472 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavformat/mov.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/libavformat/mov.c b/libavformat/mov.c > > index 9fdeef057e..3e2c4bc10d 100644 > > --- a/libavformat/mov.c > > +++ b/libavformat/mov.c > > @@ -1530,6 +1530,10 @@ static void mov_metadata_creation_time(MOVContext > > *c, AVIOContext *pb, AVDiction > > } > > } > > if (time) { > > + if (time < INT64_MIN + 2082844800) { > > + av_log(c->fc, AV_LOG_DEBUG, "creation_time predates big > > bang\n"); > > + return; > > + } > > Actually creation_time is unsigned, so it cannot be negative. I suggest you > simply reject everyting less than 0 here. You should also move the check to > the version == 1 case, because only that can read a "negative" value.
ok will apply with these changes thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Asymptotically faster algorithms should always be preferred if you have asymptotical amounts of data
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
