avformat/mov: Fix integer overflow in FFABS
authorMichael Niedermayer <michael@niedermayer.cc>
Thu, 3 Sep 2015 07:20:23 +0000 (09:20 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 3 Sep 2015 07:20:57 +0000 (09:20 +0200)
Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/mov.c

index 45367d3..764a7b1 100644 (file)
@@ -2506,7 +2506,7 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         av_log(c->fc, AV_LOG_TRACE, "count=%d, duration=%d\n",
                 count, duration);
 
-        if (FFABS(duration) > (1<<28) && i+2<entries) {
+        if (FFNABS(duration) < -(1<<28) && i+2<entries) {
             av_log(c->fc, AV_LOG_WARNING, "CTTS invalid\n");
             av_freep(&sc->ctts_data);
             sc->ctts_count = 0;