ffmpeg/FFmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-09-19 21:06:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

avformat/sbgdec: Check for overflow in timestamp preparation

Browse Source 
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9dbed90840)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-04-27 20:53:32 +02:00
parent d1dc6b0858
commit f3fc9e0fe4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/sbgdec.c
View File

@ -1281,6 +1281,10 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate,
ev1 = &s->events[i]; ev1 = &s->events[i];
ev2 = &s->events[(i + 1) % s->nb_events]; ev2 = &s->events[(i + 1) % s->nb_events];
ev1->ts_int = ev1->ts; ev1->ts_int = ev1->ts;
if (!ev1->fade.slide && ev1 >= ev2 && ev2->ts > INT64_MAX - period)
return AVERROR_INVALIDDATA;
ev1->ts_trans = ev1->fade.slide ? ev1->ts ev1->ts_trans = ev1->fade.slide ? ev1->ts
: ev2->ts + (ev1 < ev2 ? 0 : period); : ev2->ts + (ev1 < ev2 ? 0 : period);
} }