[FFmpeg-devel] [PATCH] avformat/icodec: fix integer overflow with nb_pal

Michael Niedermayer Sun, 03 Nov 2024 02:07:45 -0800

Fixes: runtime error: signed integer overflow
Fixes: 42536949/clusterfuzz-testcase-minimized-fuzzer_loadfile-6199846684393472
Found-by: ossfuzz
Reported-by: Kacper Michajlow
Tested-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavformat/icodec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/libavformat/icodec.c b/libavformat/icodec.c
index afd0c71b1f9..b09d0060a65 100644
--- a/libavformat/icodec.c
+++ b/libavformat/icodec.c
@@ -198,7 +198,7 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
             AV_WL32(buf + 32, image->nb_pal);
         }
 
-        if (image->nb_pal > INT_MAX / 4 - 14 - 40)
+        if (image->nb_pal > INT_MAX / 4 - 14 - 40U)
             return AVERROR_INVALIDDATA;
 
         AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4);
-- 
2.47.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH] avformat/icodec: fix integer overflow with nb_pal

Reply via email to