| Message ID | 20201211100002.7202-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | f569ac4ce0514bf4e0dd768c5ed007c82548d326 |
| Headers | show |
| Series | [FFmpeg-devel,1/2] avformat/iff: Check data_size | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
| andriy/PPC64_make | success | Make finished |
| andriy/PPC64_make_fate | success | Make fate finished |
On Fri, Dec 11, 2020 at 11:00:02AM +0100, Michael Niedermayer wrote: > Fixes: signed integer overflow: 7 - -2147483647 cannot be represented in type 'int' > Fixes: 28036/clusterfuzz-testcase-minimized-ffmpeg_dem_MICRODVD_fuzzer-5171698751766528 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/microdvddec.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) will apply [...]
diff --git a/libavformat/microdvddec.c b/libavformat/microdvddec.c index 1f871b2518..ecebff101c 100644 --- a/libavformat/microdvddec.c +++ b/libavformat/microdvddec.c @@ -65,12 +65,12 @@ static int64_t get_pts(const char *buf) return AV_NOPTS_VALUE; } -static int get_duration(const char *buf) +static int64_t get_duration(const char *buf) { int frame_start, frame_end; if (sscanf(buf, "{%d}{%d}", &frame_start, &frame_end) == 2) - return frame_end - frame_start; + return frame_end - (int64_t)frame_start; return -1; }
Fixes: signed integer overflow: 7 - -2147483647 cannot be represented in type 'int' Fixes: 28036/clusterfuzz-testcase-minimized-ffmpeg_dem_MICRODVD_fuzzer-5171698751766528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/microdvddec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)