diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2024-11-18 04:09:11 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2024-12-31 19:15:19 +0100 |
| commit | eab65379bf89c55d8ec4bc6f00e04f15b37d3d85 (patch) | |
| tree | 502580da2edb5fac3861ee28673e8768524114ff | |
| parent | 1446e37d3d032e1452844778b3e6ba2c20f0c322 (diff) | |
| download | ffmpeg-eab65379bf89c55d8ec4bc6f00e04f15b37d3d85.tar.gz | |
avformat/rpl: Fix check for negative values
Fixes: signed integer overflow: 10 * -1923267925333400000 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 378891963/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5714338935013376
Found-by: ossfuzz
Reported-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavformat/rpl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/rpl.c b/libavformat/rpl.c index e971d0588f..b30d769efb 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c @@ -102,7 +102,7 @@ static AVRational read_fps(const char* line, int* error) line++; for (; *line>='0' && *line<='9'; line++) { // Truncate any numerator too large to fit into an int64_t - if (num > (INT64_MAX - 9) / 10 || den > INT64_MAX / 10) + if (num > (INT64_MAX - 9) / 10ULL || den > INT64_MAX / 10ULL) break; num = 10 * num + (*line - '0'); den *= 10; |