diff mbox series

[FFmpeg-devel] avcodec/binkaudio: Check sample_rate to avoid integer overflow

Message ID 20200114143645.10358-1-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel] avcodec/binkaudio: Check sample_rate to avoid integer overflow
Related show

Checks

Context Check Description
andriy/ffmpeg-patchwork pending
andriy/ffmpeg-patchwork success Applied patch
andriy/ffmpeg-patchwork success Configure finished
andriy/ffmpeg-patchwork success Make finished
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer Jan. 14, 2020, 2:36 p.m. UTC
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 19950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_DCT_fuzzer-5765514337189888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/binkaudio.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Paul B Mahol Jan. 14, 2020, 3:04 p.m. UTC | #1
This better belong to generic code.

On 1/14/20, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type
> 'int'
> Fixes:
> 19950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_DCT_fuzzer-5765514337189888
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/binkaudio.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/binkaudio.c b/libavcodec/binkaudio.c
> index 64a08b8608..2df3dc645a 100644
> --- a/libavcodec/binkaudio.c
> +++ b/libavcodec/binkaudio.c
> @@ -106,6 +106,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
>          avctx->sample_fmt = AV_SAMPLE_FMT_FLTP;
>      }
>
> +    if (sample_rate >= INT_MAX)
> +        return AVERROR_INVALIDDATA;
> +
>      s->frame_len     = 1 << frame_len_bits;
>      s->overlap_len   = s->frame_len / 16;
>      s->block_size    = (s->frame_len - s->overlap_len) * s->channels;
> --
> 2.24.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff mbox series

Patch

diff --git a/libavcodec/binkaudio.c b/libavcodec/binkaudio.c
index 64a08b8608..2df3dc645a 100644
--- a/libavcodec/binkaudio.c
+++ b/libavcodec/binkaudio.c
@@ -106,6 +106,9 @@  static av_cold int decode_init(AVCodecContext *avctx)
         avctx->sample_fmt = AV_SAMPLE_FMT_FLTP;
     }
 
+    if (sample_rate >= INT_MAX)
+        return AVERROR_INVALIDDATA;
+
     s->frame_len     = 1 << frame_len_bits;
     s->overlap_len   = s->frame_len / 16;
     s->block_size    = (s->frame_len - s->overlap_len) * s->channels;