1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00

avformat/mov: Avoid overflow in dts

This basically ignores the overflow without undefined behavior, alternatively we could detect and error out

Fixes: signed integer overflow: 6310596683470275584 + 7660622966157213696 cannot be represented in type 'long'
Fixes: 70433/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5483347233538048
Fixes: 369662284/clusterfuzz-testcase-minimized-media_metadata_parser_fuzzer-5327368763670528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2024-07-28 20:53:49 +02:00
parent 6701534102
commit 057b8c2066
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64

View File

@ -3582,10 +3582,10 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
sc->stts_data[i].duration = 1;
corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
} else {
corrected_dts += sample_duration * (int64_t)sample_count;
corrected_dts += sample_duration * (uint64_t)sample_count;
}
current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
current_dts += sc->stts_data[i].duration * (uint64_t)sample_count;
if (current_dts > corrected_dts) {
int64_t drift = (current_dts - corrected_dts)/FFMAX(sample_count, 1);