avformat/matroskadec: Check that end_time_ns >= start_time_ns

Fixes: signed integer overflow: -8659510451449931520 - 2205846422852077376 cannot be represented in type 'int64_t' (aka 'long') Fixes: 486358507/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4896911086911488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-04-20 21:00:41 +08:00 · 2026-02-23 19:52:18 +01:00
parent 228b846407
commit a4d40f853a
1 changed files with 4 additions and 0 deletions
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -4454,6 +4454,10 @@ static CueDesc get_cue_desc(AVFormatContext *s, int64_t ts, int64_t cues_start)
        // Clusters.
        cue_desc.end_offset = cues_start - matroska->segment_start;
    }
+
+    if (cue_desc.end_time_ns < cue_desc.start_time_ns)
+        return (CueDesc) {-1, -1, -1, -1};
+
    return cue_desc;
 }