PR #21755 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21755
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21755.patch
Fixes: signed integer overflow: 9223372036854775807 + 3546086691638400 cannot be represented in type 'int64_t' (aka 'long') Fixes: 471723681/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4841032488648704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 85022bb02e39b05599d598545c2d91e102584ccc Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sat, 14 Feb 2026 01:46:48 +0100 Subject: [PATCH] avcodec/h264_parser: Check pts for overflow Fixes: signed integer overflow: 9223372036854775807 + 3546086691638400 cannot be represented in type 'int64_t' (aka 'long') Fixes: 471723681/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4841032488648704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/h264_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index 040739a1d4..ebf0d8d307 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -650,7 +650,9 @@ static int h264_parse(AVCodecParserContext *s, } if (p->reference_dts != AV_NOPTS_VALUE && s->pts == AV_NOPTS_VALUE) - s->pts = s->dts + av_rescale(s->pts_dts_delta, num, den); + if (av_sat_add64(s->dts, av_rescale(s->pts_dts_delta, num, den)) == + (uint64_t)s->dts + av_rescale(s->pts_dts_delta, num, den)) + s->pts = s->dts + av_rescale(s->pts_dts_delta, num, den); if (s->dts_sync_point > 0) p->reference_dts = s->dts; // new reference -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
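Review bot: In the added condition guarding the `s->pts` assignment, `av_rescale(s->pts_dts_delta, num, den)` is evaluated three times, and the overflow test compares the `av_sat_add64()` result against a `(uint64_t)` sum, so its correctness rests on implicit signed-to-unsigned conversion in the `==`. Computing the value once, for example `int64_t delta = av_rescale(s->pts_dts_delta, num, den);`, and using `delta` in both the check and the assignment would be shorter and easier to verify. The new inner `if` is also nested without braces under the existing `if (p->reference_dts != AV_NOPTS_VALUE && s->pts == AV_NOPTS_VALUE)`; braces on the outer statement would make the scope explicit. A short comment stating that `s->pts` is left at `AV_NOPTS_VALUE` when the sum would overflow would document the intended fallback.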
