avutil/parseutils: Check sign in av_parse_time()

Fixes: signed integer overflow: -9223372053736 * 1000000 cannot be represented in type 'long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6607924558430208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5d7f17e885ef3a7aae2035bed54604938d83e98d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2021-01-14 21:11:05 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-09-09 13:53:29 +0200
commit: 3366136aeb8faf54bc5d71dc917dc52931b15e27 (patch)
tree: 6ec7eb3c4bed9182e9a9f140c841031d929f2a7d
parent: 584afd367824e65064bb7c8b2f2bd26a7c7546c1 (diff)
download: ffmpeg-3366136aeb8faf54bc5d71dc917dc52931b15e27.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/libavutil/parseutils.c b/libavutil/parseutils.c
index 59bec6cc9d..c5cf717f30 100644
--- a/libavutil/parseutils.c
+++ b/libavutil/parseutils.c
@@ -736,12 +736,14 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration)
     if (*q)
         return AVERROR(EINVAL);
 
-    if (INT64_MAX / suffix < t)
+    if (INT64_MAX / suffix < t || t < INT64_MIN / suffix)
         return AVERROR(ERANGE);
     t *= suffix;
     if (INT64_MAX - microseconds < t)
         return AVERROR(ERANGE);
     t += microseconds;
+    if (t == INT64_MIN && negative)
+        return AVERROR(ERANGE);
     *timeval = negative ? -t : t;
     return 0;
 }
author	Michael Niedermayer <michael@niedermayer.cc>	2021-01-14 21:11:05 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-09-09 13:53:29 +0200
commit	3366136aeb8faf54bc5d71dc917dc52931b15e27 (patch)
tree	6ec7eb3c4bed9182e9a9f140c841031d929f2a7d
parent	584afd367824e65064bb7c8b2f2bd26a7c7546c1 (diff)
download	ffmpeg-3366136aeb8faf54bc5d71dc917dc52931b15e27.tar.gz