packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ffmpeg/backport-CVE-2024-35366.patch
李宁杰 77008daaae fix CVE-2024-35366 CVE-2024-35367 
(cherry picked from commit 1fb81e551764d3bf478f8aefac0e67291396ad3e)
2024-12-02 08:36:29 +08:00

30 lines
1.3 KiB
Diff
Raw Blame History

From 0bed22d597b78999151e3bde0768b7fe763fc2a6 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 26 Mar 2024 00:39:49 +0100
Subject: [PATCH] avformat/sbgdec: Check for negative duration
Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/sbgdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
index bc2469afd1..e60eb1481e 100644
--- a/libavformat/sbgdec.c
+++ b/libavformat/sbgdec.c
@@ -387,7 +387,7 @@ static int parse_options(struct sbg_parser *p)
case 'L':
FORWARD_ERROR(parse_optarg(p, opt, &oarg));
r = str_to_time(oarg.s, &p->scs.opt_duration);
- if (oarg.e != oarg.s + r) {
+ if (oarg.e != oarg.s + r || p->scs.opt_duration < 0) {
snprintf(p->err_msg, sizeof(p->err_msg),
"syntax error for option -L");
return AVERROR_INVALIDDATA;
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink