avformat/dhav: Fix handling or slightly larger files

Fixes: integer overflow Fixes: 490241718/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-4902512932225024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-04-20 21:00:41 +08:00 · 2026-03-07 13:48:49 +01:00
parent eb5d607861
commit c5d5fb2309
1 changed files with 1 additions and 1 deletions
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -252,7 +252,7 @@ static int64_t get_duration(AVFormatContext *s)
    int64_t size = avio_size(s->pb);
    int64_t ret = 0;

-    if (start_pos + 20 > size)
+    if (start_pos < 0 || start_pos > size - 20)
        return 0;

    avio_skip(s->pb, 16);