aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2021-06-10 20:35:43 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2021-06-18 20:53:56 +0200
commitc5df87e259717b9bb72dd8a72dbf7539f454d281 (patch)
treedc7e256f13b33a4c57346e2171db0bb65be0a237
parent29d3e924a666c5837bd3cce48631da66e5ddbc50 (diff)
downloadffmpeg-c5df87e259717b9bb72dd8a72dbf7539f454d281.tar.gz
avformat/rpl: The associative law doesnt hold for signed integers in C
Add () to avoid undefined behavior Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long' Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 480f11bdd713c15e4964093be7ef0adf5b619cc1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/rpl.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/rpl.c b/libavformat/rpl.c
index c474b76c45..ad3659e936 100644
--- a/libavformat/rpl.c
+++ b/libavformat/rpl.c
@@ -103,7 +103,7 @@ static AVRational read_fps(const char* line, int* error)
// Truncate any numerator too large to fit into an int64_t
if (num > (INT64_MAX - 9) / 10 || den > INT64_MAX / 10)
break;
- num = 10 * num + *line - '0';
+ num = 10 * num + (*line - '0');
den *= 10;
}
if (!num)