avformat/sccdec: Use larger intermediate for ts/next_ts computation

Fixes: signed integer overflow: 92237203 * 33 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_SCC_fuzzer-6603769487949824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavformat/sccdec.c b/libavformat/sccdec.c
index 751dee7c6c1748e64ce7e097cf047ff44732938a..178652094478f8d62d6fcd369912296ad84f8b49 100644 (file)
--- a/libavformat/sccdec.c
+++ b/libavformat/sccdec.c
@@ -93,7 +93,7 @@ static int scc_read_header(AVFormatContext *s)
                     break;
             }
 
-            ts = (hh * 3600LL + mm * 60LL + ss) * 1000LL + fs * 33;
+            ts = (hh * 3600LL + mm * 60LL + ss) * 1000LL + fs * 33LL;
 
             while (!ff_text_eof(&tr)) {
                 len = ff_subtitles_read_line(&tr, line2, sizeof(line2));
@@ -117,7 +117,7 @@ static int scc_read_header(AVFormatContext *s)
             }
         }
 
-        next_ts = (hh * 3600LL + mm * 60LL + ss) * 1000LL + fs * 33;
+        next_ts = (hh * 3600LL + mm * 60LL + ss) * 1000LL + fs * 33LL;
 
         pos = ff_text_pos(&tr);
         lline = (char *)&line;