avformat/nutdec: Fix integer overflow in count computation

Note, the value is checked a few lines later already Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2021-01-16 22:44:33 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-01-26 18:37:12 +0100
commit: 0014249fd92132515b3ff0ce034dd65e745cb400 (patch)
tree: 9daac954e21cb511e581e4f9d019d168ca366564 /libavformat/nutdec.c
parent: 48fb752767086a48e599f9e86d87096f66cc7590 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 53a052503e..88891721ca 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -260,7 +260,7 @@ static int decode_main_header(NUTContext *nut)
         if (tmp_fields > 5)
             count = ffio_read_varlen(bc);
         else
-            count = tmp_mul - tmp_size;
+            count = tmp_mul - (unsigned)tmp_size;
         if (tmp_fields > 6)
             get_s(bc);
         if (tmp_fields > 7)
author	Michael Niedermayer <michael@niedermayer.cc>	2021-01-16 22:44:33 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-01-26 18:37:12 +0100
commit	0014249fd92132515b3ff0ce034dd65e745cb400 (patch)
tree	9daac954e21cb511e581e4f9d019d168ca366564 /libavformat/nutdec.c
parent	48fb752767086a48e599f9e86d87096f66cc7590 (diff)