Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/sbgdec: Check for period overflow

Browse Source 
Fixes: signed integer overflow: 4481246996173000000 - -4778576820000000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5063670588899328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a9137110ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
release/6.0
Michael Niedermayer 1 year ago
parent afb5d20e23
commit 33c009130c
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      libavformat/sbgdec.c

5
libavformat/sbgdec.c
Unescape View File

@ -1289,7 +1289,10 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate,
/* SBaGen handles the time before and after the extremal events, /* SBaGen handles the time before and after the extremal events,
and the corresponding transitions, as if the sequence were cyclic and the corresponding transitions, as if the sequence were cyclic
with a 24-hours period. */ with a 24-hours period. */
period = s->events[s->nb_events - 1].ts - s->events[0].ts; period = s->events[s->nb_events - 1].ts - (uint64_t)s->events[0].ts;
if (period < 0)
return AVERROR_INVALIDDATA;
period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS; period = (period + (DAY_TS - 1)) / DAY_TS * DAY_TS;
period = FFMAX(period, DAY_TS); period = FFMAX(period, DAY_TS);

Write Preview
Loading…
Cancel
Save