mov: reject negative ELST durations

Michael Niedermayer Sat, 10 May 2025 17:33:34 -0700

Fixes: multiple integer overflows
Fixes: 
401016767/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6242067591790592


Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavformat/mov.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index cb81b6c4da8..8a094b1ea0a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -6295,6 +6295,11 @@ static int mov_read_elst(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
                    c->fc->nb_streams-1, i, e->time);
             return AVERROR_INVALIDDATA;
         }
+        if (e->duration < 0) {
+            av_log(c->fc, AV_LOG_ERROR, "Track %d, edit %d: Invalid edit list 
duration=%"PRId64"\n",
+                   c->fc->nb_streams-1, i, e->duration);
+            return AVERROR_INVALIDDATA;
+        }
     }
     sc->elst_count = i;
 
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/8] avformat/mov: reject negative ELST durations

Reply via email to