Message ID | 20201027162119.19025-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | ec7e0d42884b40ce93b6b5e94de5f7849310f8a0 |
Headers | show |
Series | [FFmpeg-devel,1/4] avformat/aiffdec: Check packet size | expand |
Context | Check | Description |
---|---|---|
andriy/PPC64_make | success | Make finished |
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Tue, Oct 27, 2020 at 05:21:19PM +0100, Michael Niedermayer wrote: > Fixes: shift exponent 95 is too large for 32-bit type 'int' > Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688 > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/utils.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/utils.c b/libavcodec/utils.c > index 93ac1cd9f0..3d978b390e 100644 > --- a/libavcodec/utils.c > +++ b/libavcodec/utils.c > @@ -1633,8 +1633,11 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, > > if (ch > 0) { > /* calc from sample rate and channels */ > - if (id == AV_CODEC_ID_BINKAUDIO_DCT) > + if (id == AV_CODEC_ID_BINKAUDIO_DCT) { > + if (sr / 22050 > 22) > + return 0; > return (480 << (sr / 22050)) / ch; > + } > } > > if (id == AV_CODEC_ID_MP3) looks good -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
On Wed, Oct 28, 2020 at 12:17:47PM +1100, Peter Ross wrote: > On Tue, Oct 27, 2020 at 05:21:19PM +0100, Michael Niedermayer wrote: > > Fixes: shift exponent 95 is too large for 32-bit type 'int' > > Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688 > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/utils.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/libavcodec/utils.c b/libavcodec/utils.c > > index 93ac1cd9f0..3d978b390e 100644 > > --- a/libavcodec/utils.c > > +++ b/libavcodec/utils.c > > @@ -1633,8 +1633,11 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, > > > > if (ch > 0) { > > /* calc from sample rate and channels */ > > - if (id == AV_CODEC_ID_BINKAUDIO_DCT) > > + if (id == AV_CODEC_ID_BINKAUDIO_DCT) { > > + if (sr / 22050 > 22) > > + return 0; > > return (480 << (sr / 22050)) / ch; > > + } > > } > > > > if (id == AV_CODEC_ID_MP3) > > looks good will apply thx [...]
diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 93ac1cd9f0..3d978b390e 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1633,8 +1633,11 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, if (ch > 0) { /* calc from sample rate and channels */ - if (id == AV_CODEC_ID_BINKAUDIO_DCT) + if (id == AV_CODEC_ID_BINKAUDIO_DCT) { + if (sr / 22050 > 22) + return 0; return (480 << (sr / 22050)) / ch; + } } if (id == AV_CODEC_ID_MP3)
Fixes: shift exponent 95 is too large for 32-bit type 'int' Fixes: 26590/clusterfuzz-testcase-minimized-ffmpeg_dem_SMACKER_fuzzer-5120609937522688 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/utils.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)