diff mbox series

[FFmpeg-devel,1/5] avformat/tedcaptionsdec: Check for overflow in parse_int()

Message ID 20201107231710.24816-1-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/5] avformat/tedcaptionsdec: Check for overflow in parse_int()
Related show

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished

Commit Message

Michael Niedermayer Nov. 7, 2020, 11:17 p.m. UTC
Fixes: signed integer overflow: 1111111111111111111 * 10 cannot be represented in type 'long'
Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/tedcaptionsdec.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/libavformat/tedcaptionsdec.c b/libavformat/tedcaptionsdec.c
index 6c25d602d6..c15aeea06c 100644
--- a/libavformat/tedcaptionsdec.c
+++ b/libavformat/tedcaptionsdec.c
@@ -172,6 +172,8 @@  static int parse_int(AVIOContext *pb, int *cur_byte, int64_t *result)
     if ((unsigned)*cur_byte - '0' > 9)
         return AVERROR_INVALIDDATA;
     while (BETWEEN(*cur_byte, '0', '9')) {
+        if (val > INT_MAX/10 - (*cur_byte - '0'))
+            return AVERROR_INVALIDDATA;
         val = val * 10 + (*cur_byte - '0');
         next_byte(pb, cur_byte);
     }