Message ID | 20210114225116.13486-7-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 6c5121379ac5a98688d3f62fb4820c749fb13687 |
Headers | show |
Series | [FFmpeg-devel,1/7] avformat/ads: Check size | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Thu, Jan 14, 2021 at 11:51:16PM +0100, Michael Niedermayer wrote: > Fixes: signed integer overflow: -9223372036854775808 + -242 cannot be represented in type 'long' > Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MCC_fuzzer-6723018395090944 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mccdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/libavformat/mccdec.c b/libavformat/mccdec.c index 874ff45cdf..2a0b7905a0 100644 --- a/libavformat/mccdec.c +++ b/libavformat/mccdec.c @@ -142,7 +142,7 @@ static int mcc_read_header(AVFormatContext *s) if (av_sscanf(line, "%d:%d:%d:%d", &hh, &mm, &ss, &fs) != 4) continue; - ts = av_rescale(hh * 3600LL + mm * 60LL + ss, rate.num, rate.den) + fs; + ts = av_sat_add64(av_rescale(hh * 3600LL + mm * 60LL + ss, rate.num, rate.den), fs); lline = (char *)&line; lline += 12;
Fixes: signed integer overflow: -9223372036854775808 + -242 cannot be represented in type 'long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MCC_fuzzer-6723018395090944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/mccdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)