From 6c5121379ac5a98688d3f62fb4820c749fb13687 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Jan 2021 22:15:18 +0100 Subject: [PATCH] avformat/mccdec: Use av_sat_add64() for fs Fixes: signed integer overflow: -9223372036854775808 + -242 cannot be represented in type 'long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MCC_fuzzer-6723018395090944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/mccdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mccdec.c b/libavformat/mccdec.c index 874ff45cdf..2a0b7905a0 100644 --- a/libavformat/mccdec.c +++ b/libavformat/mccdec.c @@ -142,7 +142,7 @@ static int mcc_read_header(AVFormatContext *s) if (av_sscanf(line, "%d:%d:%d:%d", &hh, &mm, &ss, &fs) != 4) continue; - ts = av_rescale(hh * 3600LL + mm * 60LL + ss, rate.num, rate.den) + fs; + ts = av_sat_add64(av_rescale(hh * 3600LL + mm * 60LL + ss, rate.num, rate.den), fs); lline = (char *)&line; lline += 12;