diff options
author | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2020-12-11 01:46:15 +0100 |
---|---|---|
committer | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2020-12-11 01:46:15 +0100 |
commit | 43b4c66e6b7dc788b8c6e4c9cfdb08bfa5ef2360 (patch) | |
tree | a8fc54c0c2092f854996307e3d07671a4c7b2459 /libavcodec/dctref.c | |
parent | 7ab5192260c387a10998481fe1468f1304f6ebd2 (diff) | |
download | ffmpeg-43b4c66e6b7dc788b8c6e4c9cfdb08bfa5ef2360.tar.gz |
avformat/utils: Improve ffio_limit logic
The earlier code would not complain if the remaining size was one byte
short of the desired size; and the way it performed the check could run
into signed integer overflow.
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
Fixes: Timeout
Fixes: 26434/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5752845451919360
Fixes: 26444/clusterfuzz-testcase-minimized-ffmpeg_dem_BINK_fuzzer-4697773380993024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Diffstat (limited to 'libavcodec/dctref.c')
0 files changed, 0 insertions, 0 deletions