[vlc-commits] [Git][videolan/vlc][master] demux: subtitle: fix potential integer overflow in SubRip timings

[Steve Lhomme (@robUx4)]

Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
2c778917 by Steve Lhomme at 2025-08-13T11:01:58+00:00
demux: subtitle: fix potential integer overflow in SubRip timings

Fixes #29064

- - - - -


1 changed file:

- modules/demux/subtitle.c


Changes:

=====================================
modules/demux/subtitle.c
=====================================
@@ -1130,6 +1130,7 @@ static int subtitle_ParseSubRipTimingValue(vlc_tick_t *timing_value,
                                            const char *s, size_t length)
 {
     int h1, m1, s1, d1 = 0;
+    int64_t sec, ms, total;
 
     int count;
     if (sscanf(s, "%d:%d:%d,%d%n", &h1, &m1, &s1, &d1, &count) == 4
@@ -1148,8 +1149,14 @@ static int subtitle_ParseSubRipTimingValue(vlc_tick_t *timing_value,
     return VLC_EGENERIC;
 
 success:
+    if (ckd_mul(&sec, h1, 3600) ||
+        ckd_mul(&ms,  m1, 60) ||
+        ckd_add(&total, sec, ms) ||
+        ckd_add(&total, total, s1))
+        return VLC_EINVAL;
+
     (*timing_value) = VLC_TICK_0
-        + vlc_tick_from_sec(h1 * 3600 + m1 * 60 + s1)
+        + vlc_tick_from_sec(total)
         + VLC_TICK_FROM_MS(d1);
 
     return VLC_SUCCESS;



View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/2c7789176ce38d4435928fd46a76003a5ce2baaa

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/2c7789176ce38d4435928fd46a76003a5ce2baaa
You're receiving this email because of your account on code.videolan.org.


VideoLAN code repository instance