Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Fixes: 377971441/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4966030696316928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/mxfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 9ecaa287bb4..0d97b3aade5 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -496,6 +496,9 @@ static int klv_read_packet(MXFContext *mxf, KLVPacket *klv, AVIOContext *pb) if (length < 0) return length; klv->length = length; + if (klv->offset > INT64_MAX - 16 - llen) + return AVERROR_INVALIDDATA; + pos = klv->offset + 16 + llen; if (pos > INT64_MAX - length) return AVERROR_INVALIDDATA; -- 2.47.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
