Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long' Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/concatdec.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c index ffa8ade25b..7abe03c26d 100644 --- a/libavformat/concatdec.c +++ b/libavformat/concatdec.c @@ -638,6 +638,12 @@ static int concat_parse_script(AVFormatContext *avf) } } + if (file->inpoint != AV_NOPTS_VALUE && file->outpoint != AV_NOPTS_VALUE) { + if (file->inpoint > file->outpoint || + file->outpoint - (uint64_t)file->inpoint > INT64_MAX) + ret = AVERROR_INVALIDDATA; + } + fail: for (arg = 0; arg < MAX_ARGS; arg++) av_freep(&arg_str[arg]); -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
