[FFmpeg-devel] [PATCH] avformat/mov: fix overflow in corrected_dts calculation

James Almer Sat, 01 Mar 2025 18:53:25 -0800

Fixes: Integer-overflow
Fixes: 
400093647/clusterfuzz-testcase-minimized-media_metadata_parser_fuzzer-4794341562187776


Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamr...@gmail.com>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index ee44b10435..57d9364ea2 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3539,7 +3539,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
             av_log(c->fc, AV_LOG_WARNING, "Too large sample offset %u in stts 
entry %u with count %u in st:%d. Clipping to 1.\n",
                    sample_duration, i, sample_count, st->index);
             sc->stts_data[i].duration = 1;
-            corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 
1) * sample_count;
+            corrected_dts = av_sat_add64(corrected_dts, (delta_magnitude < 0 ? 
(int64_t)delta_magnitude : 1) * sample_count);
         } else {
             corrected_dts += sample_duration * (uint64_t)sample_count;
         }
-- 
2.48.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH] avformat/mov: fix overflow in corrected_dts calculation

Reply via email to