[FFmpeg-devel] [PATCH 1/4] avformat/asfdec_f: Fix overflow check in get_tag()
Michael Niedermayer
michael at niedermayer.cc
Sun Mar 15 23:20:55 EET 2020
Fixes: signed integer overflow: 2 * 1210064928 cannot be represented in type 'int'
Fixes: 20873/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5761116909338624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/asfdec_f.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index 57dc3b09b9..3f19747d78 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -321,7 +321,7 @@ static void get_tag(AVFormatContext *s, const char *key, int type, int len, int
int64_t off = avio_tell(s->pb);
#define LEN 22
- if ((unsigned)len >= (UINT_MAX - LEN) / 2)
+ if ((unsigned)len >= (INT_MAX - LEN) / 2)
return;
if (!asf->export_xmp && !strncmp(key, "xmp", 3))
--
2.17.1
More information about the ffmpeg-devel
mailing list