Message ID | 20230930223046.22896-10-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 929ddef3f40102d6a84cfa17ed7c7ffebcf8236e |
Headers | show |
Series | [FFmpeg-devel,01/15] avformat/concatdec: Check in/outpoint for overflow | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c index 97e69ab2ee4..b145e980414 100644 --- a/libavformat/wavdec.c +++ b/libavformat/wavdec.c @@ -767,6 +767,8 @@ smv_out: goto smv_retry; return AVERROR_EOF; } + if (INT64_MAX - left < avio_tell(s->pb)) + return AVERROR_INVALIDDATA; wav->data_end = avio_tell(s->pb) + left; }
Fixes: signed integer overflow: 155 + 9223372036854775655 cannot be represented in type 'long' Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5364032278495232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/wavdec.c | 2 ++ 1 file changed, 2 insertions(+)