falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

avutil/avsscanf: Add () to avoid integer overflow in scanexp() 

Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int'
Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 42b28565aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
tags/n4.2.4
Michael Niedermayer 5 years ago
parent
6fe28832a9
commit
9fd30d0bdf
1 changed files with 2 additions and 2 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -2
      libavutil/avsscanf.c

+ 2
- 2
libavutil/avsscanf.c View File

@@ -229,9 +229,9 @@ static long long scanexp(FFFILE *f, int pok)
return LLONG_MIN;
}
for (x=0; c-'0'<10U && x<INT_MAX/10; c = shgetc(f))
x = 10*x + c-'0';
x = 10*x + (c-'0');
for (y=x; c-'0'<10U && y<LLONG_MAX/100; c = shgetc(f))
y = 10*y + c-'0';
y = 10*y + (c-'0');
for (; c-'0'<10U; c = shgetc(f));
shunget(f);
return neg ? -y : y;


Write Preview
Loading…
Cancel
Save