aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2021-01-16 23:37:41 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2021-01-26 18:37:12 +0100
commitaa1b8e6898f861cc065c3b0fe315e826a324d0a9 (patch)
tree2b2422cf81523a3ca5c1e5377f7aa733dee50932
parent0014249fd92132515b3ff0ce034dd65e745cb400 (diff)
downloadffmpeg-aa1b8e6898f861cc065c3b0fe315e826a324d0a9.tar.gz
avformat/realtextdec: Avoid undefined overflow in the end of read_ts()
Fixes: signed integer overflow: 234080282628234040 * 100 cannot be represented in type 'long long' Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6649867065753600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/realtextdec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/realtextdec.c b/libavformat/realtextdec.c
index 390f8ddc67..f534774420 100644
--- a/libavformat/realtextdec.c
+++ b/libavformat/realtextdec.c
@@ -54,7 +54,7 @@ static int64_t read_ts(const char *s)
if (sscanf(s, "%u:%u.%u", &mm, &ss, &ms) == 3) return ( mm*60LL + ss) * 100LL + ms;
if (sscanf(s, "%u:%u" , &mm, &ss ) == 2) return ( mm*60LL + ss) * 100LL;
if (sscanf(s, "%u.%u", &ss, &ms) == 2) return ( ss) * 100LL + ms;
- return strtol(s, NULL, 10) * 100LL;
+ return strtoll(s, NULL, 10) * 100ULL;
}
static int realtext_read_header(AVFormatContext *s)