From e29016a9de8cf9a15569bdcea6e68c8e9ba2f299 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= <kasper93@gmail.com>
Date: Fri, 11 Jul 2025 21:44:33 +0200
Subject: [PATCH] avformat/subfile: clip seek offset
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: signed integer overflow: 9223372036854737920 + 1649410 cannot be
represented in type 'int64_t'

Fixes OSS-Fuzz: 410100610

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
---
 libavformat/subfile.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/subfile.c b/libavformat/subfile.c
index be48ef72ef..b8c6ce0eef 100644
--- a/libavformat/subfile.c
+++ b/libavformat/subfile.c
@@ -128,13 +128,13 @@ static int64_t subfile_seek(URLContext *h, int64_t pos, int whence)
     case AVSEEK_SIZE:
         return end - c->start;
     case SEEK_SET:
-        new_pos = c->start + pos;
+        new_pos = c->start + av_clip(pos, 0, end - c->start);
         break;
     case SEEK_CUR:
-        new_pos = c->pos + pos;
+        new_pos = c->pos + av_clip(pos, -(c->pos - c->start), end - c->pos);
         break;
     case SEEK_END:
-        new_pos = end + pos;
+        new_pos = end + av_clip(pos, -(end - c->start), 0);
         break;
     default:
         av_assert0(0);