RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/mov: Fix last mfra check 

Fixes: signed integer overflow: 9223372036854775360 + 536870912 cannot be represented in type 'long'
Fixes: 37940/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6095637855207424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-09-15 21:52:00 +02:00
parent 20afd3a63a
commit 451ceb5131
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/mov.c
View File

@ -5122,7 +5122,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom)
// See if the remaining bytes are just an mfra which we can ignore. // See if the remaining bytes are just an mfra which we can ignore.
is_complete = offset == stream_size; is_complete = offset == stream_size;
if (!is_complete && (pb->seekable & AVIO_SEEKABLE_NORMAL)) { if (!is_complete && (pb->seekable & AVIO_SEEKABLE_NORMAL) && stream_size > 0 ) {
int64_t ret; int64_t ret;
int64_t original_pos = avio_tell(pb); int64_t original_pos = avio_tell(pb);
if (!c->have_read_mfra_size) { if (!c->have_read_mfra_size) {
@ -5133,7 +5133,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom)
if ((ret = avio_seek(pb, original_pos, SEEK_SET)) < 0) if ((ret = avio_seek(pb, original_pos, SEEK_SET)) < 0)
return ret; return ret;
} }
if (offset + c->mfra_size == stream_size) if (offset == stream_size - c->mfra_size)
is_complete = 1; is_complete = 1;
} }