[FFmpeg-cvslog] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
Michael Niedermayer
git at videolan.org
Mon Oct 30 02:10:06 EET 2023
ffmpeg | branch: release/5.1 | Michael Niedermayer <michael at niedermayer.cc> | Sun Jun 18 21:00:03 2023 +0200| [515c7b21f47df97944969347b28dcba640748de6] | committer: Michael Niedermayer
avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int'
Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a4bf559683a999c8faa408fdd8f29bd28a6a47ea)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=515c7b21f47df97944969347b28dcba640748de6
---
libavcodec/utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index add1e2139b..a0c5eb4808 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -649,9 +649,9 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
if (sr > 0) {
/* calc from sample rate */
if (id == AV_CODEC_ID_TTA)
- return 256 * sr / 245;
+ return 256ll * sr / 245;
else if (id == AV_CODEC_ID_DST)
- return 588 * sr / 44100;
+ return 588ll * sr / 44100;
else if (id == AV_CODEC_ID_BINKAUDIO_DCT) {
if (sr / 22050 > 22)
return 0;
More information about the ffmpeg-cvslog
mailing list