diff mbox series

[FFmpeg-devel,1/2] avcodec/rka: use 64bit for srate_pad computation

Message ID 20230305114346.19875-1-michael@niedermayer.cc
State Accepted
Commit cbe5e480aa1679c1dfc20d433e310acd7449af07
Headers show
Series [FFmpeg-devel,1/2] avcodec/rka: use 64bit for srate_pad computation | expand

Commit Message

Michael Niedermayer March 5, 2023, 11:43 a.m. UTC 
Fixes: left shift of 538976288 by 13 places cannot be represented in type 'int'
Fixes: 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/rka.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paul B Mahol March 5, 2023, 4:37 p.m. UTC | #1 
On 3/5/23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: left shift of 538976288 by 13 places cannot be represented in type
> 'int'
> Fixes:
> 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424
>

Please make sure that this does not break decoding.

> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/rka.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/rka.c b/libavcodec/rka.c
> index 2212e3f930..1e6a48568d 100644
> --- a/libavcodec/rka.c
> +++ b/libavcodec/rka.c
> @@ -207,7 +207,7 @@ static int chctx_init(RKAContext *s, ChContext *c,
>      c->bprob[0] = s->bprob[0];
>      c->bprob[1] = s->bprob[1];
>
> -    c->srate_pad = (sample_rate << 13) / 44100 & 0xFFFFFFFCU;
> +    c->srate_pad = ((int64_t)sample_rate << 13) / 44100 & 0xFFFFFFFCU;
>      c->pos_idx = 1;
>
>      for (int i = 0; i < FF_ARRAY_ELEMS(s->bprob[0]); i++)
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
Michael Niedermayer March 5, 2023, 7:02 p.m. UTC | #2 
On Sun, Mar 05, 2023 at 05:37:09PM +0100, Paul B Mahol wrote:
> On 3/5/23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: left shift of 538976288 by 13 places cannot be represented in type
> > 'int'
> > Fixes:
> > 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424
> >
> 
> Please make sure that this does not break decoding.

how ?

* Testing all rka files on the internet ? 
i cannot

* Reading the specification ?
i failed to find a public specification

* Generating files that have a high enough sample rate with the binary windows
  encoder?
"ERROR: Unsupported format type." even at 88.2k, well below that point

Also if it worked before its dependant on the compiler, its undefined
bahevior.
For files with more normal sample rates like the sample in our archieve
it produces the same output.

Other ideas ?

thx

[...]
Michael Niedermayer May 21, 2023, 8:47 p.m. UTC | #3 
On Sun, Mar 05, 2023 at 08:02:20PM +0100, Michael Niedermayer wrote:
> On Sun, Mar 05, 2023 at 05:37:09PM +0100, Paul B Mahol wrote:
> > On 3/5/23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > > Fixes: left shift of 538976288 by 13 places cannot be represented in type
> > > 'int'
> > > Fixes:
> > > 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424
> > >
> > 
> > Please make sure that this does not break decoding.
> 
> how ?
> 
> * Testing all rka files on the internet ? 
> i cannot
> 
> * Reading the specification ?
> i failed to find a public specification
> 
> * Generating files that have a high enough sample rate with the binary windows
>   encoder?
> "ERROR: Unsupported format type." even at 88.2k, well below that point
> 
> Also if it worked before its dependant on the compiler, its undefined
> bahevior.
> For files with more normal sample rates like the sample in our archieve
> it produces the same output.
> 
> Other ideas ?

is above ok or should more testing be done ?

thx

[...]
Paul B Mahol May 21, 2023, 9:05 p.m. UTC | #4 
On 5/21/23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> On Sun, Mar 05, 2023 at 08:02:20PM +0100, Michael Niedermayer wrote:
>> On Sun, Mar 05, 2023 at 05:37:09PM +0100, Paul B Mahol wrote:
>> > On 3/5/23, Michael Niedermayer <michael@niedermayer.cc> wrote:
>> > > Fixes: left shift of 538976288 by 13 places cannot be represented in
>> > > type
>> > > 'int'
>> > > Fixes:
>> > > 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424
>> > >
>> >
>> > Please make sure that this does not break decoding.
>>
>> how ?
>>
>> * Testing all rka files on the internet ?
>> i cannot
>>
>> * Reading the specification ?
>> i failed to find a public specification
>>
>> * Generating files that have a high enough sample rate with the binary
>> windows
>>   encoder?
>> "ERROR: Unsupported format type." even at 88.2k, well below that point
>>
>> Also if it worked before its dependant on the compiler, its undefined
>> bahevior.
>> For files with more normal sample rates like the sample in our archieve
>> it produces the same output.
>>
>> Other ideas ?
>
> is above ok or should more testing be done ?

whatever.

> thx
>
> [...]
>
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> it is not once nor twice but times without number that the same ideas make
> their appearance in the world. -- Aristotle
>
Michael Niedermayer June 3, 2023, 6:52 p.m. UTC | #5 
On Sun, May 21, 2023 at 11:05:21PM +0200, Paul B Mahol wrote:
> On 5/21/23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > On Sun, Mar 05, 2023 at 08:02:20PM +0100, Michael Niedermayer wrote:
> >> On Sun, Mar 05, 2023 at 05:37:09PM +0100, Paul B Mahol wrote:
> >> > On 3/5/23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >> > > Fixes: left shift of 538976288 by 13 places cannot be represented in
> >> > > type
> >> > > 'int'
> >> > > Fixes:
> >> > > 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424
> >> > >
> >> >
> >> > Please make sure that this does not break decoding.
> >>
> >> how ?
> >>
> >> * Testing all rka files on the internet ?
> >> i cannot
> >>
> >> * Reading the specification ?
> >> i failed to find a public specification
> >>
> >> * Generating files that have a high enough sample rate with the binary
> >> windows
> >>   encoder?
> >> "ERROR: Unsupported format type." even at 88.2k, well below that point
> >>
> >> Also if it worked before its dependant on the compiler, its undefined
> >> bahevior.
> >> For files with more normal sample rates like the sample in our archieve
> >> it produces the same output.
> >>
> >> Other ideas ?
> >
> > is above ok or should more testing be done ?
> 
> whatever.

I assume you are ok with this being applied, so i will apply

thx


[...]
diff mbox series

Patch

diff --git a/libavcodec/rka.c b/libavcodec/rka.c
index 2212e3f930..1e6a48568d 100644
--- a/libavcodec/rka.c
+++ b/libavcodec/rka.c
@@ -207,7 +207,7 @@  static int chctx_init(RKAContext *s, ChContext *c,
     c->bprob[0] = s->bprob[0];
     c->bprob[1] = s->bprob[1];
 
-    c->srate_pad = (sample_rate << 13) / 44100 & 0xFFFFFFFCU;
+    c->srate_pad = ((int64_t)sample_rate << 13) / 44100 & 0xFFFFFFFCU;
     c->pos_idx = 1;
 
     for (int i = 0; i < FF_ARRAY_ELEMS(s->bprob[0]); i++)