ffmpeg | branch: release/4.2 | Michael Niedermayer <mich...@niedermayer.cc> | Sat Sep 30 21:14:28 2023 +0200| [9def52386d16483f091b0743699458da0c23ea4e] | committer: Michael Niedermayer
avformat/rpl: Check for number_of_chunks overflow Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int32_t' (aka 'int') Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6086131095830528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> (cherry picked from commit b3c973acbecb879d4949fecdadd2fdfc08dea42b) Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9def52386d16483f091b0743699458da0c23ea4e --- libavformat/rpl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/rpl.c b/libavformat/rpl.c index d959393678..36fd2f727b 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c @@ -265,6 +265,9 @@ static int rpl_read_header(AVFormatContext *s) "Video stream will be broken!\n", av_fourcc2str(vst->codecpar->codec_tag)); number_of_chunks = read_line_and_int(pb, &error); // number of chunks in the file + if (number_of_chunks == INT_MAX) + return AVERROR_INVALIDDATA; + // The number in the header is actually the index of the last chunk. number_of_chunks++; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
