[FFmpeg-cvslog] avformat/flvdec: Treat high ts byte as unsigned
Michael Niedermayer
git at videolan.org
Sat Feb 20 22:10:54 EET 2021
ffmpeg | branch: release/4.3 | Michael Niedermayer <michael at niedermayer.cc> | Mon Nov 23 21:42:23 2020 +0100| [73bc98119c35c30eb4f0c52193c8e6c9947a024e] | committer: Michael Niedermayer
avformat/flvdec: Treat high ts byte as unsigned
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit f514113cfa9fc44d80086bb2a2b783e8026dc3a9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73bc98119c35c30eb4f0c52193c8e6c9947a024e
---
libavformat/flvdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index cd913d32d8..334a5f4a7c 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -1179,7 +1179,7 @@ retry_duration:
avio_seek(s->pb, fsize - 3 - size, SEEK_SET);
if (size == avio_rb24(s->pb) + 11) {
uint32_t ts = avio_rb24(s->pb);
- ts |= avio_r8(s->pb) << 24;
+ ts |= (unsigned)avio_r8(s->pb) << 24;
if (ts)
s->duration = ts * (int64_t)AV_TIME_BASE / 1000;
else if (fsize >= 8 && fsize - 8 >= size) {
More information about the ffmpeg-cvslog
mailing list