Message ID | 20210114225116.13486-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | d82ee907d6caafbc1212c4b63ecac2dcd30f23b0 |
Headers | show |
Series | [FFmpeg-devel,1/7] avformat/ads: Check size | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Thu, Jan 14, 2021 at 11:51:13PM +0100, Michael Niedermayer wrote: > Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long' > Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/utils.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/libavformat/utils.c b/libavformat/utils.c index d193f9e85f..bf904ef2c5 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1251,7 +1251,7 @@ static void compute_pkt_fields(AVFormatContext *s, AVStream *st, presentation_delayed = 1; if (pkt->pts != AV_NOPTS_VALUE && pkt->dts != AV_NOPTS_VALUE && - st->pts_wrap_bits < 63 && + st->pts_wrap_bits < 63 && pkt->dts > INT64_MIN + (1LL << (st->pts_wrap_bits - 1)) && pkt->dts - (1LL << (st->pts_wrap_bits - 1)) > pkt->pts) { if (is_relative(st->cur_dts) || pkt->dts - (1LL<<(st->pts_wrap_bits - 1)) > st->cur_dts) { pkt->dts -= 1LL << st->pts_wrap_bits;
Fixes: signed integer overflow: -9223372036842389247 - 2147483648 cannot be represented in type 'long long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-4845007531671552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)