diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2021-06-10 20:35:43 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2021-06-12 14:22:42 +0200 |
| commit | 480f11bdd713c15e4964093be7ef0adf5b619cc1 (patch) | |
| tree | cd1940a8eea3eaa9e8850b6ba2b2e827e8516169 /libavformat/rpl.c | |
| parent | ff56c139e07a4de2803b974b6595f6b71fbf53bd (diff) | |
| download | ffmpeg-480f11bdd713c15e4964093be7ef0adf5b619cc1.tar.gz | |
avformat/rpl: The associative law doesnt hold for signed integers in C
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavformat/rpl.c')
| -rw-r--r-- | libavformat/rpl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/rpl.c b/libavformat/rpl.c index fac377b68e..296cb2c984 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c @@ -103,7 +103,7 @@ static AVRational read_fps(const char* line, int* error) // Truncate any numerator too large to fit into an int64_t if (num > (INT64_MAX - 9) / 10 || den > INT64_MAX / 10) break; - num = 10 * num + *line - '0'; + num = 10 * num + (*line - '0'); den *= 10; } if (!num) |