avformat/mov: Avoid overflow in dts

This basically ignores the overflow without undefined behavior, alternatively we could detect and error out

Fixes: signed integer overflow: 6310596683470275584 + 7660622966157213696 cannot be represented in type 'long'
Fixes: 70433/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5483347233538048
Fixes: 369662284/clusterfuzz-testcase-minimized-media_metadata_parser_fuzzer-5327368763670528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 2 insertions, 2 deletions

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 78388f4122..8c3329b815 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3582,10 +3582,10 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
             sc->stts_data[i].duration = 1;
             corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
         } else {
-            corrected_dts += sample_duration * (int64_t)sample_count;
+            corrected_dts += sample_duration * (uint64_t)sample_count;
         }
 
-        current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
+        current_dts += sc->stts_data[i].duration * (uint64_t)sample_count;
 
         if (current_dts > corrected_dts) {
             int64_t drift = (current_dts - corrected_dts)/FFMAX(sample_count, 1);