diff options
| author | Oleg Oshmyan <chortos@inbox.lv> | 2017-02-04 01:05:29 +0200 |
|---|---|---|
| committer | Oleg Oshmyan <chortos@inbox.lv> | 2020-10-18 05:01:31 +0300 |
| commit | b06e2975240de9aca03dd6af5c45bee964678ec4 (patch) | |
| tree | b4097e38b70f10181d03143f92cfa9d4231efb0b /libass/ass_parse.h | |
| parent | 84928b1fb100004686ac61851720da9247cad34b (diff) | |
| download | libass-b06e2975240de9aca03dd6af5c45bee964678ec4.tar.bz2 libass-b06e2975240de9aca03dd6af5c45bee964678ec4.tar.xz | |
Fix integer overflow while parsing \fad(arg, large negative number)
If t3 is initially negative, it should be set to a value larger
than the duration of the event. This triggers the `now < t3` branch
in interpolate_alpha (if none of the earlier branches are taken).
The same effect can be achieved by setting t3 to the duration itself.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=531.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3905.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11736.
Diffstat (limited to 'libass/ass_parse.h')
0 files changed, 0 insertions, 0 deletions