Fixes: signed integer overflow: -2147483648 - 14 cannot be represented in type 'int' Fixes: 27659/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5697250168406016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/rmdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 004c62086d..a82519987c 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -719,9 +719,9 @@ static int rm_sync(AVFormatContext *s, int64_t *timestamp, int *flags, int *stre av_log(s, AV_LOG_WARNING, "Index size %d (%d pkts) is wrong, should be %"PRId64".\n", len, n_pkts, expected_len); - len -= 14; // we already read part of the index header - if(len<0) + if(len < 14) continue; + len -= 14; // we already read part of the index header goto skip; } else if (state == MKBETAG('D','A','T','A')) { av_log(s, AV_LOG_WARNING, -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
