Message ID | 20210413154539.16739-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 578633fc1ac8c02a36a706bd71f775550412d1e1 |
Headers | show |
Series | [FFmpeg-devel,1/5] avcodec/dpx: Check bits_per_color earlier | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Tue, Apr 13, 2021 at 05:45:38PM +0200, Michael Niedermayer wrote: > Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int' > Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/utils.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/libavformat/utils.c b/libavformat/utils.c index d9971d7fd3..3ed01b2110 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -4109,7 +4109,7 @@ FF_ENABLE_DEPRECATION_WARNINGS if (!st->r_frame_rate.num) { if ( avctx->time_base.den * (int64_t) st->time_base.num - <= avctx->time_base.num * avctx->ticks_per_frame * (uint64_t) st->time_base.den) { + <= avctx->time_base.num * (uint64_t)avctx->ticks_per_frame * st->time_base.den) { av_reduce(&st->r_frame_rate.num, &st->r_frame_rate.den, avctx->time_base.den, (int64_t)avctx->time_base.num * avctx->ticks_per_frame, INT_MAX); } else {
Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int' Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)