avformat/nutdec: Fix integer overflow in count computation

Note, the value is checked a few lines later already Fixes: signed integer overflow: -440402016 - 1879048064 cannot be represented in type 'int' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6603876618469376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0014249fd92132515b3ff0ce034dd65e745cb400) Signed-off-by: Michael Niedermayer <[email protected]>
author: Michael Niedermayer <[email protected]> 2021-01-16 22:44:33 +0100
committer: Michael Niedermayer <[email protected]> 2021-02-02 14:18:21 +0100
commit: 87c071a7c86005ab68fa639401093eee1891cb03 (patch)
tree: 321e9b381d07e07ee695105b356362761b990cb3
parent: 55ba3505ed774a4e97ec2dfec90ba89d1fa5d4aa (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 3779dce2a8..b7020c5210 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -260,7 +260,7 @@ static int decode_main_header(NUTContext *nut)
         if (tmp_fields > 5)
             count = ffio_read_varlen(bc);
         else
-            count = tmp_mul - tmp_size;
+            count = tmp_mul - (unsigned)tmp_size;
         if (tmp_fields > 6)
             get_s(bc);
         if (tmp_fields > 7)
author	Michael Niedermayer <[email protected]>	2021-01-16 22:44:33 +0100
committer	Michael Niedermayer <[email protected]>	2021-02-02 14:18:21 +0100
commit	87c071a7c86005ab68fa639401093eee1891cb03 (patch)
tree	321e9b381d07e07ee695105b356362761b990cb3
parent	55ba3505ed774a4e97ec2dfec90ba89d1fa5d4aa (diff)