highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/sbgdec: Check for period overflow

Browse Source 
Fixes: signed integer overflow: 4481246996173000000 - -4778576820000000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5063670588899328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a9137110ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2023-09-30 21:18:14 +02:00
parent 523a7ddc9f
commit 48c506ddb4
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavformat/sbgdec.c
View File

@@ -1272,7 +1272,10 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate,
/* SBaGen handles the time before and after the extremal events, /* SBaGen handles the time before and after the extremal events,
and the corresponding transitions, as if the sequence were cyclic and the corresponding transitions, as if the sequence were cyclic
with a 24-hours period. */ with a 24-hours period. */
period = s->events[s->nb_events - 1].ts - s->events[0].ts; period = s->events[s->nb_events - 1].ts - (uint64_t)s->events[0].ts;
if (period < 0)
return AVERROR_INVALIDDATA;
period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS; period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS;
period = FFMAX(period, DAY_TS); period = FFMAX(period, DAY_TS);