[FFmpeg-cvslog] avcodec/rv10: Fix integer overflow in aspect ratio compare
Michael Niedermayer
git at videolan.org
Mon Jul 8 12:40:30 EEST 2019
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Fri Jun 28 19:20:43 2019 +0200| [14fcf42958608223a0be6558fb6e323419c9fc27] | committer: Michael Niedermayer
avcodec/rv10: Fix integer overflow in aspect ratio compare
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int'
Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14fcf42958608223a0be6558fb6e323419c9fc27
---
libavcodec/rv10.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index 8f4497b9e0..729e4a8d2c 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -388,9 +388,9 @@ static int rv20_decode_picture_header(RVDecContext *rv)
// attempt to keep aspect during typical resolution switches
if (!old_aspect.num)
old_aspect = (AVRational){1, 1};
- if (2 * new_w * s->height == new_h * s->width)
+ if (2 * (int64_t)new_w * s->height == (int64_t)new_h * s->width)
s->avctx->sample_aspect_ratio = av_mul_q(old_aspect, (AVRational){2, 1});
- if (new_w * s->height == 2 * new_h * s->width)
+ if ((int64_t)new_w * s->height == 2 * (int64_t)new_h * s->width)
s->avctx->sample_aspect_ratio = av_mul_q(old_aspect, (AVRational){1, 2});
ret = ff_set_dimensions(s->avctx, new_w, new_h);
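Review bot: in both changed `if` lines the fix is correct only because each `(int64_t)` cast binds to a single operand before any multiplication happens, and that is easy to undo in a later edit, for example by rewriting a side as `(int64_t)(2 * new_w * s->height)`. Computing the two products once, as in `int64_t a = (int64_t)new_w * s->height, b = (int64_t)new_h * s->width;`, and then testing `2 * a == b` and `a == 2 * b` would state the widening in one place and drop the four repeated casts. With `int` operands, which is the type the sanitizer message names, doubling either 64-bit product cannot overflow. Separately, the two tests are independent `if`s rather than `if`/`else if`: when both products are zero both conditions hold and the second assignment to `sample_aspect_ratio` overwrites the first, so it is worth confirming that this case is either unreachable here or intended.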