On Mon, Feb 15, 2021 at 09:38:44PM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in
> > type 'int'
> > Fixes:
> > 30333/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5175286983426048
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer
> > ---
> > libavformat/rmdec.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
> > index 521b9d0e8c..613fb407df 100644
> > --- a/libavformat/rmdec.c
> > +++ b/libavformat/rmdec.c
> > @@ -223,7 +223,7 @@ static int rm_read_audio_stream_info(AVFormatContext
> > *s, AVIOContext *pb,
> > if (version == 5)
> > avio_r8(pb);
> > codecdata_length = avio_rb32(pb);
> > -if(codecdata_length + AV_INPUT_BUFFER_PADDING_SIZE <=
> > (unsigned)codecdata_length){
> > +if(codecdata_length < 0 || codecdata_length > INT_MAX -
> > AV_INPUT_BUFFER_PADDING_SIZE){
> > av_log(s, AV_LOG_ERROR, "codecdata_length too
> > large\n");
> > return -1;
> > }
> >
> The first of these checks can be avoided by making codecdata_length
> unsigned.
will apply unsigned style check
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Everything should be made as simple as possible, but not simpler.
-- Albert Einstein
signature.asc
Description: PGP signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".