[FFmpeg-devel,5/6] avformat/qcp: Avoid negative nb_rates

Message ID	20210425194014.957-5-michael@niedermayer.cc
State	Accepted
Commit	1b865cc703d29cb307e1fa628aa02940d54eb42a
Headers	show Delivered-To: ffmpegpatchwork2@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Sun, 25 Apr 2021 21:40:13 +0200 Message-Id: <20210425194014.957-5-michael@niedermayer.cc> In-Reply-To: <20210425194014.957-1-michael@niedermayer.cc> References: <20210425194014.957-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 5/6] avformat/qcp: Avoid negative nb_rates Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/6] avformat/subtitles: Check pts difference before use \| expand [FFmpeg-devel,1/6] avformat/subtitles: Check pts difference before use [FFmpeg-devel,2/6] avformat/msf: Check that channels doesnt overflow during extradata construction [FFmpeg-devel,3/6] avformat/nutdec: Check tmp_size [FFmpeg-devel,4/6] avformat/pp_bnk: Use 64bit in bitrate computation [FFmpeg-devel,5/6] avformat/qcp: Avoid negative nb_rates [FFmpeg-devel,6/6] avformat/realtextdec: Check the pts difference before using it for the duration …

Message ID

20210425194014.957-5-michael@niedermayer.cc

State

Accepted

Commit

1b865cc703d29cb307e1fa628aa02940d54eb42a

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 25 Apr 2021 21:40:13 +0200
Message-Id: <20210425194014.957-5-michael@niedermayer.cc>
In-Reply-To: <20210425194014.957-1-michael@niedermayer.cc>
References: <20210425194014.957-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/6] avformat/qcp: Avoid negative nb_rates
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Series

[FFmpeg-devel,1/6] avformat/subtitles: Check pts difference before use | expand

Checks

Context	Check	Description
andriy/x86_make	success	Make finished
andriy/x86_make_fate	success	Make fate finished
andriy/PPC64_make	success	Make finished
andriy/PPC64_make_fate	success	Make fate finished

Context

Check

Description

andriy/x86_make

success

Make finished

andriy/x86_make_fate

success

Make fate finished

andriy/PPC64_make

success

Make finished

andriy/PPC64_make_fate

success

Make fate finished

Commit Message

Michael Niedermayer April 25, 2021, 7:40 p.m. UTC

Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/qcp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/qcp.c b/libavformat/qcp.c
index 168030dc16..4478875f2d 100644
--- a/libavformat/qcp.c
+++ b/libavformat/qcp.c
@@ -93,7 +93,8 @@  static int qcp_read_header(AVFormatContext *s)
     QCPContext    *c  = s->priv_data;
     AVStream      *st = avformat_new_stream(s, NULL);
     uint8_t       buf[16];
-    int           i, nb_rates;
+    int           i;
+    unsigned      nb_rates;
 
     if (!st)
         return AVERROR(ENOMEM);

[FFmpeg-devel,5/6] avformat/qcp: Avoid negative nb_rates

Checks

Commit Message

Patch