[FFmpeg-devel] [PATCH 06/15] avformat/rpl: Check for number_of_chunks overflow

[Michael Niedermayer]

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int32_t' (aka 'int')
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-6086131095830528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavformat/rpl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/rpl.c b/libavformat/rpl.c
index 3ef6fda3862..eae0da891bc 100644
--- a/libavformat/rpl.c
+++ b/libavformat/rpl.c
@@ -268,6 +268,9 @@ static int rpl_read_header(AVFormatContext *s)
                "Video stream will be broken!\n", av_fourcc2str(vst->codecpar->codec_tag));
 
     number_of_chunks = read_line_and_int(pb, &error);  // number of chunks in the file
+    if (number_of_chunks == INT_MAX)
+        return AVERROR_INVALIDDATA;
+
     // The number in the header is actually the index of the last chunk.
     number_of_chunks++;
 
-- 
2.17.1