PR #22271 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22271 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22271.patch
Fixes: signed integer overflow: -63 - 2147483594 cannot be represented in type 'int' Fixes: 486530208/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4694818252193792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From dbc8531b57a657340678ae289678377c54688af4 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Mon, 23 Feb 2026 20:29:40 +0100 Subject: [PATCH] avformat/vividas: Reset n_audio_subpackets on error Fixes: signed integer overflow: -63 - 2147483594 cannot be represented in type 'int' Fixes: 486530208/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4694818252193792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/vividas.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/vividas.c b/libavformat/vividas.c index b708d71c65..76557acb8b 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -723,8 +723,10 @@ static int viv_read_packet(AVFormatContext *s, } last_start = viv->audio_subpackets[viv->n_audio_subpackets].start = (int)(off - avio_tell(pb)); - if (last_start < last) + if (last_start < last) { + viv->n_audio_subpackets = 0; return AVERROR_INVALIDDATA; + } viv->current_audio_subpacket = 0; } else { -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
