On Thu, Apr 22, 2021 at 07:51:53PM -0300, James Almer wrote: > On 4/19/2021 3:23 PM, Michael Niedermayer wrote: > > Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be > > represented in type 'long' > > Fixes: > > 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavformat/id3v2.c | 8 ++++++-- > > 1 file changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c > > index e0fef08789..0f7035d4c5 100644 > > --- a/libavformat/id3v2.c > > +++ b/libavformat/id3v2.c > > @@ -824,7 +824,7 @@ static void id3v2_parse(AVIOContext *pb, AVDictionary > > **metadata, > > int isv34, unsync; > > unsigned tlen; > > char tag[5]; > > - int64_t next, end = avio_tell(pb) + len; > > + int64_t next, end = avio_tell(pb); > > int taghdrlen; > > const char *reason = NULL; > > AVIOContext pb_local; > > @@ -836,6 +836,10 @@ static void id3v2_parse(AVIOContext *pb, AVDictionary > > **metadata, > > av_unused int uncompressed_buffer_size = 0; > > const char *comm_frame; > > + if (av_sat_add64(end, len) != end + (uint64_t)len) > > Wouldn't a check like end > INT64_MAX - len be simpler?
will change it so it does not need av_sat_add64() and will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws. -- Plato
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
