virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Code Issues Releases Activity

avformat/mov: Avoid overflow in end computation in mov_read_custom()

Browse Source 
Fixes: signed integer overflow: 18 + 9223372036854775799 cannot be represented in type 'long'
Fixes: 26731/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5696846019952640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d75ecf8d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-10-31 12:01:50 +01:00
parent 57c535996e
commit c1f7a4153e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/mov.c
View File

@ -4396,7 +4396,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
static int mov_read_custom(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
int64_t end = avio_tell(pb) + atom.size;
int64_t end = av_sat_add64(avio_tell(pb), atom.size);
uint8_t *key = NULL, *val = NULL, *mean = NULL;
int i;
int ret = 0;