eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-05-09 12:32:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

avformat/mov: Handle integer overflow in MOV parser

Browse Source 
A chromium UBSAN fuzzer caught this instance.
This commit is contained in:
Ted Meyer
2026-03-03 12:52:25 -08:00
parent 49c449b33a
commit fc7cab6be3
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavformat/mov.c
+6 -1
View File
@@ -4333,7 +4333,12 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
st->index, edit_list_index, edit_list_media_time, edit_list_duration);
edit_list_index++;
edit_list_dts_counter = edit_list_dts_entry_end;
edit_list_dts_entry_end += edit_list_duration;
edit_list_dts_entry_end = av_sat_add64(edit_list_dts_entry_end, edit_list_duration);
if (edit_list_dts_entry_end == INT64_MAX) {
av_log(mov->fc, AV_LOG_ERROR, "Cannot calculate dts entry length with duration %"PRId64"\n",
edit_list_duration);
break;
}
num_discarded_begin = 0;
if (!found_non_empty_edit && edit_list_media_time == -1) {
empty_edits_sum_duration += edit_list_duration;