PR #22270 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22270 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22270.patch
Fixes: signed integer overflow: -8659510451449931520 - 2205846422852077376 cannot be represented in type 'int64_t' (aka 'long') Fixes: 486358507/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4896911086911488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 2f26fd7a1724d89ec2590c7a636ba3ad8812084b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Mon, 23 Feb 2026 19:52:18 +0100 Subject: [PATCH] avformat/matroskadec: Check that end_time_ns >= start_time_ns Fixes: signed integer overflow: -8659510451449931520 - 2205846422852077376 cannot be represented in type 'int64_t' (aka 'long') Fixes: 486358507/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4896911086911488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/matroskadec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 503b99b286..aa7a2d1785 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -4454,6 +4454,10 @@ static CueDesc get_cue_desc(AVFormatContext *s, int64_t ts, int64_t cues_start) // Clusters. cue_desc.end_offset = cues_start - matroska->segment_start; } + + if (cue_desc.end_time_ns < cue_desc.start_time_ns) + return (CueDesc) {-1, -1, -1, -1}; + return cue_desc; } -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
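Review bot: The new check placed just before `return cue_desc;` in get_cue_desc() only rejects `end_time_ns < start_time_ns`, which does not by itself guarantee that a later `end_time_ns - start_time_ns` fits in int64_t. The reported operand -8659510451449931520 shows these fields can hold large negative values, and a negative start_time_ns paired with a large positive end_time_ns passes the check while the difference still exceeds the int64_t range. Consider also rejecting negative timestamps here, for example `if (cue_desc.start_time_ns < 0 || cue_desc.end_time_ns < cue_desc.start_time_ns)`, or guarding the subtraction itself at the point of use. A short comment on the check stating that callers subtract the two values would help, and it is worth confirming that every caller tests for the `(CueDesc) {-1, -1, -1, -1}` sentinel before using the fields.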
