avformat/microdvddec: skip malformed lines without frame number.

Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavformat/microdvddec.c b/libavformat/microdvddec.c
index 8759200f88e606a9e55ef20c8032da34fb4db4a4..1f871b251829ab782c377d04cafe59f21c4384fc 100644 (file)
--- a/libavformat/microdvddec.c
+++ b/libavformat/microdvddec.c
@@ -94,6 +94,7 @@ static int microdvd_read_header(AVFormatContext *s)
         int64_t pos = avio_tell(s->pb);
         int len = ff_get_line(s->pb, line_buf, sizeof(line_buf));
         char *line = line_buf;
+        int64_t pts;
 
         if (!strncmp(line, bom, 3))
             line += 3;
@@ -137,13 +138,16 @@ static int microdvd_read_header(AVFormatContext *s)
         SKIP_FRAME_ID;
         if (!*p)
             continue;
+        pts = get_pts(line);
+        if (pts == AV_NOPTS_VALUE)
+            continue;
         sub = ff_subtitles_queue_insert(&microdvd->q, p, strlen(p), 0);
         if (!sub) {
             ret = AVERROR(ENOMEM);
             goto fail;
         }
         sub->pos = pos;
-        sub->pts = get_pts(line);
+        sub->pts = pts;
         sub->duration = get_duration(line);
     }
     ff_subtitles_queue_finalize(s, &microdvd->q);