avformat/rpl: Check for number_of_chunks overflow

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int32_t' (aka 'int') Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6086131095830528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2023-09-30 21:14:28 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2023-10-08 21:36:02 +0200
commit: b3c973acbecb879d4949fecdadd2fdfc08dea42b (patch)
tree: bdd9a57011e2a8f8fc6c6103210b5c32b1b74c1d
parent: 3508b496e195440d0af0203e2822937b8c6f5598 (diff)
download: ffmpeg-b3c973acbecb879d4949fecdadd2fdfc08dea42b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavformat/rpl.c b/libavformat/rpl.c
index 3ef6fda386..eae0da891b 100644
--- a/libavformat/rpl.c
+++ b/libavformat/rpl.c
@@ -268,6 +268,9 @@ static int rpl_read_header(AVFormatContext *s)
                "Video stream will be broken!\n", av_fourcc2str(vst->codecpar->codec_tag));
 
     number_of_chunks = read_line_and_int(pb, &error);  // number of chunks in the file
+    if (number_of_chunks == INT_MAX)
+        return AVERROR_INVALIDDATA;
+
     // The number in the header is actually the index of the last chunk.
     number_of_chunks++;
author	Michael Niedermayer <michael@niedermayer.cc>	2023-09-30 21:14:28 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2023-10-08 21:36:02 +0200
commit	b3c973acbecb879d4949fecdadd2fdfc08dea42b (patch)
tree	bdd9a57011e2a8f8fc6c6103210b5c32b1b74c1d
parent	3508b496e195440d0af0203e2822937b8c6f5598 (diff)
download	ffmpeg-b3c973acbecb879d4949fecdadd2fdfc08dea42b.tar.gz