Message ID | 20190803111529.30759-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 549fcba8fc83330763ccd3cc67233037c96bc6d9 |
Headers | show |
lgtm On Sat, Aug 3, 2019 at 1:17 PM Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in > type 'int' > Fixes: > 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: > Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/dirac_parser.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c > index 1ade44a438..fbc7414c79 100644 > --- a/libavcodec/dirac_parser.c > +++ b/libavcodec/dirac_parser.c > @@ -212,7 +212,7 @@ static int dirac_combine_frame(AVCodecParserContext > *s, AVCodecContext *avctx, > if (parse_timing_info && pu1.prev_pu_offset >= 13) { > uint8_t *cur_pu = pc->buffer + > pc->index - 13 - pu1.prev_pu_offset; > - int pts = AV_RB32(cur_pu + 13); > + int64_t pts = AV_RB32(cur_pu + 13); > if (s->last_pts == 0 && s->last_dts == 0) > s->dts = pts - 1; > else > -- > 2.22.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Mon, Aug 05, 2019 at 04:57:49PM +0200, Paul B Mahol wrote:
> lgtm
will apply
thx
[...]
diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c index 1ade44a438..fbc7414c79 100644 --- a/libavcodec/dirac_parser.c +++ b/libavcodec/dirac_parser.c @@ -212,7 +212,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx, if (parse_timing_info && pu1.prev_pu_offset >= 13) { uint8_t *cur_pu = pc->buffer + pc->index - 13 - pu1.prev_pu_offset; - int pts = AV_RB32(cur_pu + 13); + int64_t pts = AV_RB32(cur_pu + 13); if (s->last_pts == 0 && s->last_dts == 0) s->dts = pts - 1; else
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/dirac_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)