diff mbox series

[FFmpeg-devel,3/4] avcodec/ffwavesynth: Fix integer overflow in computation of ddphi

Message ID 20200315212058.6324-3-michael@niedermayer.cc
State Accepted
Headers show
Series [FFmpeg-devel,1/4] avformat/asfdec_f: Fix overflow check in get_tag()
Related show

Checks

Context Check Description
andriy/ffmpeg-patchwork pending
andriy/ffmpeg-patchwork success Applied patch
andriy/ffmpeg-patchwork success Configure finished
andriy/ffmpeg-patchwork success Make finished
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer March 15, 2020, 9:20 p.m. UTC
Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long'
Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ffwavesynth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Nicolas George March 16, 2020, 9:38 a.m. UTC | #1
Michael Niedermayer (12020-03-15):
> Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long'
> Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/ffwavesynth.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

No objection from me.

Regards,
Michael Niedermayer March 18, 2020, 7:21 p.m. UTC | #2
On Mon, Mar 16, 2020 at 10:38:31AM +0100, Nicolas George wrote:
> Michael Niedermayer (12020-03-15):
> > Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long'
> > Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/ffwavesynth.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> No objection from me.

will apply

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c
index b9c63abb8d..998e1a4ad6 100644
--- a/libavcodec/ffwavesynth.c
+++ b/libavcodec/ffwavesynth.c
@@ -281,7 +281,7 @@  static int wavesynth_parse_extradata(AVCodecContext *avc)
                 dphi1 = frac64(f1, (int64_t)avc->sample_rate << 16);
                 dphi2 = frac64(f2, (int64_t)avc->sample_rate << 16);
                 in->dphi0 = dphi1;
-                in->ddphi = (dphi2 - dphi1) / dt;
+                in->ddphi = (int64_t)(dphi2 - (uint64_t)dphi1) / dt;
                 if (phi & 0x80000000) {
                     phi &= ~0x80000000;
                     if (phi >= i)