virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-17 20:17:55 +02:00
Code Issues Releases Activity

avformat/jacosubdec: Use 64bit inside get_shift()

Browse Source 
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 715ff75e5dbbbefff7337351db596a9b7a5d4379)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-10-19 17:29:01 +02:00
parent d6d2837e4b
commit cac2a6406e
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libavformat/jacosubdec.c
View File

@ -135,6 +135,7 @@ static int get_shift(int timeres, const char *buf)
{
int sign = 1;
int a = 0, b = 0, c = 0, d = 0;
int64_t ret;
#define SSEP "%*1[.:]"
int n = sscanf(buf, "%d"SSEP"%d"SSEP"%d"SSEP"%d", &a, &b, &c, &d);
#undef SSEP
@ -144,13 +145,16 @@ static int get_shift(int timeres, const char *buf)
a = FFABS(a);
}
ret = 0;
switch (n) {
case 4: return sign * ((a*3600 + b*60 + c) * timeres + d);
case 3: return sign * (( a*60 + b) * timeres + c);
case 2: return sign * (( a) * timeres + b);
case 4: ret = sign * (((int64_t)a*3600 + b*60 + c) * timeres + d);
case 3: ret = sign * (( (int64_t)a*60 + b) * timeres + c);
case 2: ret = sign * (( (int64_t)a) * timeres + b);
}
if ((int)ret != ret)
ret = 0;
return 0;
return ret;
}
static int jacosub_read_header(AVFormatContext *s)