virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-06 05:47:18 +02:00
Code Issues Releases Activity

avformat/lrcdec: limit input timestamp range to avoid overflows

Browse Source 
Fixes: clusterfuzz-testcase-ffmpeg_dem_LRC_fuzzer-5226140131459072
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit c74bc74398)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Kacper Michajłow
2025-08-09 16:49:17 +02:00
committed by Michael Niedermayer
parent 9c7c34c92f
commit a991df7c1e
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libavformat/lrcdec.c
View File

@@ -77,7 +77,7 @@ static int64_t count_ts(const char *p)
static int64_t read_ts(const char *p, int64_t *start)
{
int64_t offset = 0;
uint64_t mm;
uint32_t mm;
double ss;
char prefix[3];
@@ -87,8 +87,8 @@ static int64_t read_ts(const char *p, int64_t *start)
if(p[offset] != '[') {
return 0;
}
int ret = sscanf(p, "%2[[-]%"SCNu64":%lf]", prefix, &mm, &ss);
if (ret != 3 || prefix[0] != '[') {
int ret = sscanf(p, "%2[[-]%"SCNu32":%lf]", prefix, &mm, &ss);
if (ret != 3 || prefix[0] != '[' || ss < 0 || ss > 60) {
return 0;
}
*start = (mm * 60 + ss) * AV_TIME_BASE;