avformat/sbgdec: Check for period overflow

Fixes: signed integer overflow: 4481246996173000000 - -4778576820000000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5063670588899328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a9137110eda130ba07a2a43bdedff2421efbb7a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer 2023-09-30 21:18:14 +02:00
parent 523a7ddc9f
commit 48c506ddb4
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64

@ -1272,7 +1272,10 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate,
/* SBaGen handles the time before and after the extremal events, /* SBaGen handles the time before and after the extremal events,
and the corresponding transitions, as if the sequence were cyclic and the corresponding transitions, as if the sequence were cyclic
with a 24-hours period. */ with a 24-hours period. */
period = s->events[s->nb_events - 1].ts - s->events[0].ts; period = s->events[s->nb_events - 1].ts - (uint64_t)s->events[0].ts;
if (period < 0)
return AVERROR_INVALIDDATA;
period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS; period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS;
period = FFMAX(period, DAY_TS); period = FFMAX(period, DAY_TS);
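
Review bot: The new `if (period < 0)` check leaves the round-up on the next line, `period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS;`, open to the same class of signed overflow. A non-negative `period` close to the top of the signed 64-bit range passes the check, and adding `DAY_TS - 1` to it then overflows. This assumes `period` is a signed 64-bit value, as the 'long' in the sanitizer message suggests. Consider rejecting that case in the same test, for example `if (period < 0 || period > INT64_MAX - (DAY_TS - 1))`, so both failure modes return AVERROR_INVALIDDATA. It would also help to add a short comment saying that the `(uint64_t)` cast is there to make the subtraction wrap instead of overflowing, and that a negative result after conversion back marks a difference that cannot be represented. Without it the cast looks like a candidate for cleanup.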