aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2021-01-14 21:11:05 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2021-03-03 16:54:20 +0100
commit5d7f17e885ef3a7aae2035bed54604938d83e98d (patch)
treef3585d2882a67ebf59f1ccf9b116679f5520876c
parent787501db16cbe6874ad42acd539fa4595dd64e66 (diff)
downloadffmpeg-5d7f17e885ef3a7aae2035bed54604938d83e98d.tar.gz
avutil/parseutils: Check sign in av_parse_time()
Fixes: signed integer overflow: -9223372053736 * 1000000 cannot be represented in type 'long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6607924558430208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavutil/parseutils.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/libavutil/parseutils.c b/libavutil/parseutils.c
index 167e822648..7f678cd85a 100644
--- a/libavutil/parseutils.c
+++ b/libavutil/parseutils.c
@@ -736,12 +736,14 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration)
if (*q)
return AVERROR(EINVAL);
- if (INT64_MAX / suffix < t)
+ if (INT64_MAX / suffix < t || t < INT64_MIN / suffix)
return AVERROR(ERANGE);
t *= suffix;
if (INT64_MAX - microseconds < t)
return AVERROR(ERANGE);
t += microseconds;
+ if (t == INT64_MIN && negative)
+ return AVERROR(ERANGE);
*timeval = negative ? -t : t;
return 0;
}