Re: [FFmpeg-devel] [PATCH 3/7] avutil/parseutils: Check sign in av_parse_time()

Fri, 15 Jan 2021 12:36:57 -0800 


On Thu, 14 Jan 2021, Michael Niedermayer wrote:


Fixes: signed integer overflow: -9223372053736 * 1000000 cannot be represented 
in type 'long'
Fixes: 
26910/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6607924558430208

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavutil/parseutils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavutil/parseutils.c b/libavutil/parseutils.c
index 167e822648..6161f4ac95 100644
--- a/libavutil/parseutils.c
+++ b/libavutil/parseutils.c
@@ -736,7 +736,7 @@ int av_parse_time(int64_t *timeval, const char *timestr, 
int duration)
    if (*q)
        return AVERROR(EINVAL);

-    if (INT64_MAX / suffix < t)
+    if (t < 0 || INT64_MAX / suffix < t)



This does not look right, because a negative t can mean a date before 
1970.


Regards,
Marton


        return AVERROR(ERANGE);
    t *= suffix;
    if (INT64_MAX - microseconds < t)
--
2.17.1

_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".

_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".





















					Reply via email to