[FFmpeg-devel] [PATCH 1/3] avformat/flvdec: Treat high ts byte as unsigned
Michael Niedermayer
michael at niedermayer.cc
Tue Nov 24 01:42:02 EET 2020
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 27516/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5152854660349952
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/flvdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index ad6e7a3ca5..3edb16722b 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -1158,7 +1158,7 @@ retry_duration:
avio_seek(s->pb, fsize - 3 - size, SEEK_SET);
if (size == avio_rb24(s->pb) + 11) {
uint32_t ts = avio_rb24(s->pb);
- ts |= avio_r8(s->pb) << 24;
+ ts |= (unsigned)avio_r8(s->pb) << 24;
if (ts)
s->duration = ts * (int64_t)AV_TIME_BASE / 1000;
else if (fsize >= 8 && fsize - 8 >= size) {
--
2.17.1
More information about the ffmpeg-devel
mailing list