Message ID | 20200719174218.30659-3-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | b6663adaae948a66574dff58923a862774663439 |
Series | [FFmpeg-devel,1/6] avformat/wc3movie: Move wc3_read_close() up |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |
Michael Niedermayer (12020-07-19):
> Fixes: signed integer overflow: 33986707200000000 + 9195561788997000192 cannot be represented in type 'long'
> Fixes: 23790/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6554232198266880
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/sbgdec.c | 2 ++
>  1 file changed, 2 insertions(+)

No objection.

Regards,

On Sun, Jul 19, 2020 at 07:51:47PM +0200, Nicolas George wrote:
> Michael Niedermayer (12020-07-19):
> > Fixes: signed integer overflow: 33986707200000000 + 9195561788997000192 cannot be represented in type 'long'
> > Fixes: 23790/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6554232198266880
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/sbgdec.c | 2 ++
> >  1 file changed, 2 insertions(+)
>
> No objection.

will apply

thx

[...]
diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index de1de271bb..c11244ef3d 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -474,6 +474,8 @@ static int parse_timestamp(struct sbg_parser *p, while (lex_char(p, '+')) { if (!lex_time(p, &dt)) return AVERROR_INVALIDDATA; + if (av_sat_add64(rel, dt) - dt != rel) + return AVERROR_INVALIDDATA; rel += dt; r = 1; }
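Review bot: the two added lines compute the saturated sum only to throw it away, and `rel += dt` then performs the addition a second time; keeping the result in a local makes the overflow test read as what it is and avoids the duplicate add, e.g. `int64_t sum = av_sat_add64(rel, dt);` / `if (sum - dt != rel) return AVERROR_INVALIDDATA;` / `rel = sum;`. The `- dt != rel` comparison is sound only because av_sat_add64() returns the exact sum whenever it fits and a clamped INT64_MAX or INT64_MIN otherwise, which also guarantees the subtraction itself cannot overflow; a one-line comment stating that would spare the next reader the derivation. This hunk guards only the `+` loop; if parse_timestamp() combines `rel` with an absolute time or accumulates under other operators in the same way, those additions want the same guard.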
Fixes: signed integer overflow: 33986707200000000 + 9195561788997000192 cannot be represented in type 'long'
Fixes: 23790/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6554232198266880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/sbgdec.c | 2 ++
 1 file changed, 2 insertions(+)
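As an added example, not FFmpeg's own code: a stand-alone C model of the guard this patch introduces, so the overflow detection can be exercised outside the demuxer. sat_add64() is a portable stand-in for libavutil's av_sat_add64() (assumed here to return the exact sum when it fits and INT64_MAX or INT64_MIN otherwise), accumulate_rel() mirrors the `+` loop in parse_timestamp() with -1 standing in for AVERROR_INVALIDDATA, and the constructed inputs include the exact pair from the fuzzer report quoted in the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for av_sat_add64(): saturating signed 64-bit addition.
 * Assumption for this example: exact result when no overflow occurs,
 * otherwise clamped to INT64_MAX (b > 0) or INT64_MIN (b < 0). */
static int64_t sat_add64(int64_t a, int64_t b)
{
    if (b > 0 && a > INT64_MAX - b)
        return INT64_MAX;
    if (b < 0 && a < INT64_MIN - b)
        return INT64_MIN;
    return a + b;
}

/* Model of the patched "+" loop: add each relative time to rel, rejecting
 * the input instead of overflowing. Returns 0 on success, -1 on overflow
 * (-1 stands in for AVERROR_INVALIDDATA).
 *
 * The test works because sat_add64() is exact when the sum fits, so
 * (rel + dt) - dt == rel; when it clamps, clamped - dt != rel since the
 * clamped value differs from the true sum. The subtraction cannot itself
 * overflow: the clamp is INT64_MAX only when dt > 0 and INT64_MIN only
 * when dt < 0. */
static int accumulate_rel(const int64_t *deltas, size_t n, int64_t *out)
{
    int64_t rel = 0;

    for (size_t i = 0; i < n; i++) {
        int64_t dt  = deltas[i];
        int64_t sum = sat_add64(rel, dt);
        if (sum - dt != rel)
            return -1;
        rel = sum;
    }
    *out = rel;
    return 0;
}

/* Constructed benign input: three small deltas; returns their sum, or -1
 * if the guard wrongly fires. */
static int64_t small_case_sum(void)
{
    const int64_t deltas[] = { 1, 2, 3 };
    int64_t out = -1;
    if (accumulate_rel(deltas, 3, &out) != 0)
        return -1;
    return out;
}

/* The pair from the OSS-Fuzz report: 33986707200000000 + 9195561788997000192
 * exceeds INT64_MAX. Returns 1 if the guard rejects it, 0 otherwise. */
static int fuzzer_case_rejected(void)
{
    const int64_t deltas[] = { 33986707200000000LL, 9195561788997000192LL };
    int64_t out = 0;
    return accumulate_rel(deltas, 2, &out) == -1;
}

/* Downward direction: a large negative delta applied twice. Returns 1 if
 * rejected. */
static int negative_case_rejected(void)
{
    const int64_t deltas[] = { INT64_MIN + 5, -10 };
    int64_t out = 0;
    return accumulate_rel(deltas, 2, &out) == -1;
}

int main(void)
{
    printf("small case sum:        %lld\n", (long long)small_case_sum());
    printf("fuzzer case rejected:  %d\n", fuzzer_case_rejected());
    printf("negative case rejected %d\n", negative_case_rejected());
    return 0;
}
```

The same guard can be dropped in front of any `rel += dt` style accumulation of attacker-controlled int64 values; the key property to preserve is that the saturating add is exact whenever the true sum is representable.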