[FFmpeg-devel] [PATCH] avformat/subfile: clip seek offset
Michael Niedermayer
michael at niedermayer.cc
Tue Jul 29 01:34:16 EEST 2025
On Fri, Jul 11, 2025 at 09:49:29PM +0200, Kacper Michajłow wrote:
> Fixes: signed integer overflow: 9223372036854737920 + 1649410 cannot be
> represented in type 'int64_t'
>
> Fixes OSS-Fuzz: 410100610
>
> Signed-off-by: Kacper Michajłow <kasper93 at gmail.com>
> ---
> libavformat/subfile.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/libavformat/subfile.c b/libavformat/subfile.c
> index be48ef72ef..b8c6ce0eef 100644
> --- a/libavformat/subfile.c
> +++ b/libavformat/subfile.c
> @@ -128,13 +128,13 @@ static int64_t subfile_seek(URLContext *h, int64_t pos, int whence)
> case AVSEEK_SIZE:
> return end - c->start;
> case SEEK_SET:
> - new_pos = c->start + pos;
> + new_pos = c->start + av_clip(pos, 0, end - c->start);
> break;
> case SEEK_CUR:
> - new_pos = c->pos + pos;
> + new_pos = c->pos + av_clip(pos, -(c->pos - c->start), end - c->pos);
> break;
> case SEEK_END:
> - new_pos = end + pos;
> + new_pos = end + av_clip(pos, -(end - c->start), 0);
> break;
> default:
> av_assert0(0);
regression fix for this is here:
https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20055
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
During times of universal deceit, telling the truth becomes a
revolutionary act. -- George Orwell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250729/bb244897/attachment.sig>
More information about the ffmpeg-devel
mailing list