Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-10-19 09:53:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

avformat/lrcdec: limit input timestamp range to avoid overflows

Browse source 
Fixes: clusterfuzz-testcase-ffmpeg_dem_LRC_fuzzer-5226140131459072
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit c74bc74398)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Kacper Michajłow 2025-08-09 16:49:17 +02:00 committed by Michael Niedermayer
parent 719e640c88
commit 2838f8f54c
No known key found for this signature in database
GPG key ID: B18E8928B3948D64
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
libavformat/lrcdec.c
View file

@ -77,7 +77,7 @@ static int64_t count_ts(const char *p)
static int64_t read_ts(const char *p, int64_t *start)
{
int64_t offset = 0;
uint64_t mm;
uint32_t mm;
double ss;
char prefix[3];
@ -87,8 +87,8 @@ static int64_t read_ts(const char *p, int64_t *start)
if(p[offset] != '[') {
return 0;
}
int ret = sscanf(p, "%2[[-]%"SCNu64":%lf]", prefix, &mm, &ss);
if (ret != 3 || prefix[0] != '[') {
int ret = sscanf(p, "%2[[-]%"SCNu32":%lf]", prefix, &mm, &ss);
if (ret != 3 || prefix[0] != '[' || ss < 0 || ss > 60) {
return 0;
}
*start = (mm * 60 + ss) * AV_TIME_BASE;