diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2021-04-28 16:53:52 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2021-07-28 19:15:26 +0200 |
| commit | 200406d930eff3202f3230f188f85f4ab9cf4525 (patch) | |
| tree | 7f78324ab4f4a6dc76e3939bce16c00850dd9cdf /libavformat | |
| parent | 54b798638e68dcebed5c42a216b403004a97f73e (diff) | |
avformat/mov: Fix incorrect overflow detection in mov_read_sidx()
Fixes: signed integer overflow: 9223372036854775807 + 1442840321 cannot be represented in type 'long'
Fixes: 33670/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644379491106816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavformat')
| -rw-r--r-- | libavformat/mov.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index 3fc5a1e8ab..139bcb4b5c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5098,7 +5098,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (frag_stream_info) frag_stream_info->sidx_pts = timestamp; - if (av_sat_add64(offset, size) != offset + size || + if (av_sat_add64(offset, size) != offset + (uint64_t)size || av_sat_add64(pts, duration) != pts + (uint64_t)duration ) return AVERROR_INVALIDDATA; |