From abb141d6fd0bea2035583d763cba1a3a2b5f40da Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 14 Jan 2021 21:11:05 +0100 Subject: [PATCH] avutil/parseutils: Check sign in av_parse_time() Fixes: signed integer overflow: -9223372053736 * 1000000 cannot be represented in type 'long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6607924558430208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 5d7f17e885ef3a7aae2035bed54604938d83e98d) Signed-off-by: Michael Niedermayer --- libavutil/parseutils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavutil/parseutils.c b/libavutil/parseutils.c index 167e822648..7f678cd85a 100644 --- a/libavutil/parseutils.c +++ b/libavutil/parseutils.c @@ -736,12 +736,14 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration) if (*q) return AVERROR(EINVAL); - if (INT64_MAX / suffix < t) + if (INT64_MAX / suffix < t || t < INT64_MIN / suffix) return AVERROR(ERANGE); t *= suffix; if (INT64_MAX - microseconds < t) return AVERROR(ERANGE); t += microseconds; + if (t == INT64_MIN && negative) + return AVERROR(ERANGE); *timeval = negative ? -t : t; return 0; }