MPEG4Writer: Fix unsigned integer overflow When the timestampUs is negative and firstSampleStartOffsetUs is 0 then we convert it into a positive number which causes an overflow if the timestamp is equal to INT_MIN. Test: ./ndk_mediamuxer_fuzzer Bug: 336685906 Bug: 346056654 Change-Id: I93060a8c3ec31e4309d3b49e528eeda8c7fc88d2

commit: f1aaf95082318b82ecf83c09ed07fd95ddf592ab [log] [tgz]
author: Sohail Nagaraj <sohailnagaraj@google.com> Fri Aug 09 12:37:45 2024 +0000
committer: Sohail Nagaraj <sohailnagaraj@google.com> Mon Aug 26 14:02:23 2024 +0000
tree: 4ceb34a582c7326fcb3e9ba65a8f49f3426349f9
parent: b1252561ab9453264b73fcac7f1f5bef5259dfef [diff]
diff --git a/media/libstagefright/MPEG4Writer.cpp b/media/libstagefright/MPEG4Writer.cpp
index 15188b0..76b6aa6 100644
--- a/media/libstagefright/MPEG4Writer.cpp
+++ b/media/libstagefright/MPEG4Writer.cpp

@@ -3776,6 +3776,12 @@
             if (mStszTableEntries->count() == 0) {
                 mFirstSampleTimeRealUs = systemTime() / 1000;
                 if (timestampUs < 0 && mFirstSampleStartOffsetUs == 0) {
+                    if (WARN_UNLESS(timestampUs != INT64_MIN, "for %s track", trackName)) {
+                        copy->release();
+                        mSource->stop();
+                        mIsMalformed = true;
+                        break;
+                    }
                     mFirstSampleStartOffsetUs = -timestampUs;
                     timestampUs = 0;
                 }
commit	f1aaf95082318b82ecf83c09ed07fd95ddf592ab	[log] [tgz]
author	Sohail Nagaraj <sohailnagaraj@google.com>	Fri Aug 09 12:37:45 2024 +0000
committer	Sohail Nagaraj <sohailnagaraj@google.com>	Mon Aug 26 14:02:23 2024 +0000
tree	4ceb34a582c7326fcb3e9ba65a8f49f3426349f9
parent	b1252561ab9453264b73fcac7f1f5bef5259dfef [diff]