| Message ID | 20210117225311.17297-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | f54aab94a363489edcda492637d6e7409cc5446b |
| Headers | show |
| Series | [FFmpeg-devel,1/5] avformat/sccdec: Use larger intermediate for ts/next_ts computation | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
| andriy/PPC64_make | success | Make finished |
| andriy/PPC64_make_fate | success | Make fate finished |
diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 9966a67055..61209e7038 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -105,8 +105,8 @@ static int smacker_read_header(AVFormatContext *s) height = avio_rl32(pb); smk->frames = avio_rl32(pb); pts_inc = avio_rl32(pb); - if (pts_inc > INT_MAX / 100) { - av_log(s, AV_LOG_ERROR, "pts_inc %d is too large\n", pts_inc); + if (pts_inc > INT_MAX / 100 || pts_inc == INT_MIN) { + av_log(s, AV_LOG_ERROR, "pts_inc %d is invalid\n", pts_inc); return AVERROR_INVALIDDATA; }
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-6705429132476416 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/smacker.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)