Fix potential overflow in congestion controller fuzzer.
Bug: chromium:787753
Change-Id: I43d765379216db35f3df748b16599b34bffd388f
Reviewed-on: https://webrtc-review.googlesource.com/25480
Reviewed-by: Björn Terelius <terelius@webrtc.org>
Commit-Queue: Stefan Holmer <stefan@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20851}diff --git a/test/fuzzers/congestion_controller_feedback_fuzzer.cc b/test/fuzzers/congestion_controller_feedback_fuzzer.cc
index a7b89fc..084c8c3 100644
--- a/test/fuzzers/congestion_controller_feedback_fuzzer.cc
+++ b/test/fuzzers/congestion_controller_feedback_fuzzer.cc
@@ -27,8 +27,9 @@
header.ssrc = ByteReader<uint32_t>::ReadBigEndian(&data[i]);
i += sizeof(uint32_t);
header.extension.hasTransportSequenceNumber = true;
- int64_t arrival_time_ms =
- std::max<int64_t>(ByteReader<int64_t>::ReadBigEndian(&data[i]), 0);
+ int64_t arrival_time_ms = std::min<int64_t>(
+ std::max<int64_t>(ByteReader<int64_t>::ReadBigEndian(&data[i]), 0),
+ std::numeric_limits<int64_t>::max() / 2);
i += sizeof(int64_t);
const size_t kMinPacketSize =
sizeof(size_t) + sizeof(uint16_t) + sizeof(uint8_t);
@@ -41,7 +42,7 @@
rbe->IncomingPacket(arrival_time_ms, payload_size, header);
clock.AdvanceTimeMilliseconds(5);
arrival_time_ms += ByteReader<uint8_t>::ReadBigEndian(&data[i]);
- arrival_time_ms += sizeof(uint8_t);
+ i += sizeof(uint8_t);
}
rbe->Process();
}
