avformat/mov: Check edit list for overflow

Fixes: 67492/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5778297231310848 Fixes: signed integer overflow: 2314885530818453536 + 7782220156096217088 cannot be represented in type 'long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2882d30e3a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
10 months ago · dad619078e
parent a9c838f6f7
commit dad619078e
1 changed files with 4 additions and 0 deletions
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@ -3509,6 +3509,10 @@ static int get_edit_list_entry(MOVContext *mov,
    }
    *edit_list_duration = av_rescale(*edit_list_duration, msc->time_scale,
                                     global_timescale);
+
+    if (*edit_list_duration + (uint64_t)*edit_list_media_time > INT64_MAX)
+        *edit_list_duration = 0;
+
    return 1;
 }