avformat/sbgdec: Check for overflow in parse_timestamp()

Fixes: signed integer overflow: 33986707200000000 + 9195561788997000192 cannot be represented in type 'long' Fixes: 23790/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6554232198266880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-07-19 16:20:52 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-07-20 19:47:27 +0200
commit: b6663adaae948a66574dff58923a862774663439 (patch)
tree: 919acce07c3f88eebddd220993e543c8ee624955
parent: 80286671c5594957d74120b3b5f47b774e98c661 (diff)
download: ffmpeg-b6663adaae948a66574dff58923a862774663439.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
index de1de271bb..c11244ef3d 100644
--- a/libavformat/sbgdec.c
+++ b/libavformat/sbgdec.c
@@ -474,6 +474,8 @@ static int parse_timestamp(struct sbg_parser *p,
     while (lex_char(p, '+')) {
         if (!lex_time(p, &dt))
             return AVERROR_INVALIDDATA;
+        if (av_sat_add64(rel, dt) - dt != rel)
+            return AVERROR_INVALIDDATA;
         rel += dt;
         r = 1;
     }
author	Michael Niedermayer <michael@niedermayer.cc>	2020-07-19 16:20:52 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-07-20 19:47:27 +0200
commit	b6663adaae948a66574dff58923a862774663439 (patch)
tree	919acce07c3f88eebddd220993e543c8ee624955
parent	80286671c5594957d74120b3b5f47b774e98c661 (diff)
download	ffmpeg-b6663adaae948a66574dff58923a862774663439.tar.gz