avformat/aviobuf: Fix signed integer overflow in avio_seek()

Signed integer overflow is undefined behavior. Detected with clang and -fsanitize=signed-integer-overflow Signed-off-by: Vitaly Buka <vitalybuka@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/aviobuf: Fix signed integer overflow in avio_seek()
Signed integer overflow is undefined behavior. Detected with clang and -fsanitize=signed-integer-overflow Signed-off-by: Vitaly Buka <vitalybuka@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
eca2a497 · Vitaly Buka · Michael Niedermayer · 4a404cb5 · eca2a497
Commit eca2a497 authored Aug 20, 2017 by Vitaly Buka Committed by Michael Niedermayer Aug 23, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

aviobuf.c libavformat/aviobuf.c +2 -0

No files found.
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -259,6 +259,8 @@ int64_t avio_seek(AVIOContext *s, int64_t offset, int whence)
        offset1 = pos + (s->buf_ptr - s->buffer);
        if (offset == 0)
            return offset1;
+        if (offset > INT64_MAX - offset1)
+            return AVERROR(EINVAL);
        offset += offset1;
    }
    if (offset < 0)