[FFmpeg-cvslog] avformat/rka: Fix 1/0 with bps=1
Michael Niedermayer
git at videolan.org
Fri Feb 24 03:27:36 EET 2023
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Mon Feb 20 19:38:00 2023 +0100| [b3df7ca748bf28e41a6fcb6792b485d8eb04b36a] | committer: Michael Niedermayer
avformat/rka: Fix 1/0 with bps=1
Fixes: division by zero
Fixes: 55940/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6333107679920128
The decoder does not support bps=1 and i have no such sample so it is not
known if this duration is correct. Alternatively we could error out on all
bps we currently do not support on the decoder side or not set duration.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b3df7ca748bf28e41a6fcb6792b485d8eb04b36a
---
libavformat/rka.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/rka.c b/libavformat/rka.c
index cc55480345..39e5b3bce1 100644
--- a/libavformat/rka.c
+++ b/libavformat/rka.c
@@ -114,7 +114,7 @@ static int rka_read_header(AVFormatContext *s)
par->ch_layout.nb_channels = channels;
par->sample_rate = samplerate;
par->bits_per_raw_sample = bps;
- st->duration = nb_samples / (channels * (bps >> 3));
+ st->duration = 8LL*nb_samples / (channels * bps);
if (s->pb->seekable & AVIO_SEEKABLE_NORMAL)
ff_ape_parse_tag(s);
More information about the ffmpeg-cvslog
mailing list