From 0014249fd92132515b3ff0ce034dd65e745cb400 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 16 Jan 2021 22:44:33 +0100 Subject: [PATCH] avformat/nutdec: Fix integer overflow in count computation Note, the value is checked a few lines later already Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/nutdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index 53a052503e..88891721ca 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c @@ -260,7 +260,7 @@ static int decode_main_header(NUTContext *nut) if (tmp_fields > 5) count = ffio_read_varlen(bc); else - count = tmp_mul - tmp_size; + count = tmp_mul - (unsigned)tmp_size; if (tmp_fields > 6) get_s(bc); if (tmp_fields > 7)