[FFmpeg-devel,2/2] avformat/mxfdec: Use 64bit in remainder

Message ID	20221225220323.20968-2-michael@niedermayer.cc
State	New
Headers	show Delivered-To: ffmpegpatchwork2@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; sender: michael@niedermayer.cc) by mail.gandi.net (Postfix) with ESMTPSA id B345B240005 for <ffmpeg-devel@ffmpeg.org>; Sun, 25 Dec 2022 22:03:25 +0000 (UTC) From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Sun, 25 Dec 2022 23:03:23 +0100 Message-Id: <20221225220323.20968-2-michael@niedermayer.cc> In-Reply-To: <20221225220323.20968-1-michael@niedermayer.cc> References: <20221225220323.20968-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 2/2] avformat/mxfdec: Use 64bit in remainder Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/2] avcodec/hdrdec: Check for end of input in decompress() \| expand [FFmpeg-devel,1/2] avcodec/hdrdec: Check for end of input in decompress() [FFmpeg-devel,2/2] avformat/mxfdec: Use 64bit in remainder

Context	Check	Description
andriy/make_x86	success	Make finished
andriy/make_fate_x86	success	Make fate finished

Michael Niedermayer Dec. 25, 2022, 10:03 p.m. UTC

Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int'
Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mxfdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Tomas Härdin Dec. 26, 2022, 10:36 a.m. UTC | #1

sön 2022-12-25 klockan 23:03 +0100 skrev Michael Niedermayer:
> Fixes: signed integer overflow: 48000 * 223587 cannot be represented
> in type 'int'
> Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-
> 5817594836025344
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/mxfdec.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index e6118e141d..6150c131ec 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3857,8 +3857,8 @@ static int64_t
> mxf_compute_sample_count(MXFContext *mxf, AVStream *st,
>      if ((sample_rate.num / sample_rate.den) == 48000) {
>          return av_rescale_q(edit_unit, sample_rate, track-
> >edit_rate);
>      } else {
> -        int remainder = (sample_rate.num * time_base.num) %
> -                        (time_base.den * sample_rate.den);
> +        int64_t remainder = (sample_rate.num *
> (int64_t)time_base.num) %
> +                        (time_base.den * (int64_t)sample_rate.den);
>          if (remainder)

Looks OK. Could use uint64_t also I think

/Tomas

James Almer Dec. 26, 2022, 2:11 p.m. UTC | #2

On 12/25/2022 7:03 PM, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int'
> Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavformat/mxfdec.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index e6118e141d..6150c131ec 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3857,8 +3857,8 @@ static int64_t mxf_compute_sample_count(MXFContext *mxf, AVStream *st,
>       if ((sample_rate.num / sample_rate.den) == 48000) {
>           return av_rescale_q(edit_unit, sample_rate, track->edit_rate);
>       } else {
> -        int remainder = (sample_rate.num * time_base.num) %
> -                        (time_base.den * sample_rate.den);
> +        int64_t remainder = (sample_rate.num * (int64_t)time_base.num) %
> +                        (time_base.den * (int64_t)sample_rate.den);

Don't undo the vertical alignment, please.

>           if (remainder)
>               av_log(mxf->fc, AV_LOG_WARNING,
>                      "seeking detected on stream #%d with time base (%d/%d) and "

Michael Niedermayer Dec. 26, 2022, 9:39 p.m. UTC | #3

On Mon, Dec 26, 2022 at 11:11:46AM -0300, James Almer wrote:
> On 12/25/2022 7:03 PM, Michael Niedermayer wrote:
> > Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int'
> > Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavformat/mxfdec.c | 4 ++--
> >   1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index e6118e141d..6150c131ec 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -3857,8 +3857,8 @@ static int64_t mxf_compute_sample_count(MXFContext *mxf, AVStream *st,
> >       if ((sample_rate.num / sample_rate.den) == 48000) {
> >           return av_rescale_q(edit_unit, sample_rate, track->edit_rate);
> >       } else {
> > -        int remainder = (sample_rate.num * time_base.num) %
> > -                        (time_base.den * sample_rate.den);
> > +        int64_t remainder = (sample_rate.num * (int64_t)time_base.num) %
> > +                        (time_base.den * (int64_t)sample_rate.den);
> 
> Don't undo the vertical alignment, please.

Will apply it with maximal vertical alignment

thx

[...]

Michael Niedermayer Dec. 26, 2022, 9:42 p.m. UTC | #4

On Mon, Dec 26, 2022 at 11:36:28AM +0100, Tomas Härdin wrote:
> sön 2022-12-25 klockan 23:03 +0100 skrev Michael Niedermayer:
> > Fixes: signed integer overflow: 48000 * 223587 cannot be represented
> > in type 'int'
> > Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-
> > 5817594836025344
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/mxfdec.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index e6118e141d..6150c131ec 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -3857,8 +3857,8 @@ static int64_t
> > mxf_compute_sample_count(MXFContext *mxf, AVStream *st,
> >      if ((sample_rate.num / sample_rate.den) == 48000) {
> >          return av_rescale_q(edit_unit, sample_rate, track-
> > >edit_rate);
> >      } else {
> > -        int remainder = (sample_rate.num * time_base.num) %
> > -                        (time_base.den * sample_rate.den);
> > +        int64_t remainder = (sample_rate.num *
> > (int64_t)time_base.num) %
> > +                        (time_base.den * (int64_t)sample_rate.den);
> >          if (remainder)
> 
> Looks OK. Could use uint64_t also I think

will apply

thx

[...]

[FFmpeg-devel,2/2] avformat/mxfdec: Use 64bit in remainder

Checks

Commit Message

Comments

Patch