On Fri, Jul 11, 2025 at 09:49:29PM +0200, Kacper Michajłow wrote: > Fixes: signed integer overflow: 9223372036854737920 + 1649410 cannot be > represented in type 'int64_t' > > Fixes OSS-Fuzz: 410100610 > > Signed-off-by: Kacper Michajłow > --- > libavformat/subfile.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavformat/subfile.c b/libavformat/subfile.c > index be48ef72ef..b8c6ce0eef 100644 > --- a/libavformat/subfile.c > +++ b/libavformat/subfile.c > @@ -128,13 +128,13 @@ static int64_t subfile_seek(URLContext *h, int64_t pos, int whence) > case AVSEEK_SIZE: > return end - c->start; > case SEEK_SET: > - new_pos = c->start + pos; > + new_pos = c->start + av_clip(pos, 0, end - c->start); > break; > case SEEK_CUR: > - new_pos = c->pos + pos; > + new_pos = c->pos + av_clip(pos, -(c->pos - c->start), end - c->pos); > break; > case SEEK_END: > - new_pos = end + pos; > + new_pos = end + av_clip(pos, -(end - c->start), 0); > break; > default: > av_assert0(0); regression fix for this is here: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20055 [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB During times of universal deceit, telling the truth becomes a revolutionary act. -- George Orwell
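Review bot: the three replaced assignments in subfile_seek() (the SEEK_SET, SEEK_CUR and SEEK_END cases) pass `pos`, declared `int64_t` in the function signature, to av_clip(), which takes and returns `int`. The offset and the computed bounds such as `end - c->start` are therefore narrowed to 32 bits before the clamp is applied, so a seek in a subfile range that does not fit in an int can land on the wrong position. The overflow report quoted in the commit message shows these values are 64-bit, so the 64-bit variant is the one to use, for example `new_pos = c->start + av_clip64(pos, 0, end - c->start);` and likewise for the other two cases. The clamp also changes what callers observe: an out-of-range `pos` is now silently moved to the boundary instead of producing a position outside the range, which is worth stating in the commit message.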