| Message ID | 20220704223034.15056-3-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 0740641e932551342cc1737d981e950ecffa3b63 |
| Headers | show |
| Series | [FFmpeg-devel,1/3] tools/target_dec_fuzzer: Adjust threshold for CFHD | expand |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
| andriy/make_armv7_RPi4 | success | Make finished |
| andriy/make_fate_armv7_RPi4 | success | Make fate finished |
On Tue, Jul 05, 2022 at 12:30:34AM +0200, Michael Niedermayer wrote: > Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' > Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/iff.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) will apply [...]
diff --git a/libavformat/iff.c b/libavformat/iff.c index 3c861ef34d..b37600605a 100644 --- a/libavformat/iff.c +++ b/libavformat/iff.c @@ -384,7 +384,7 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt) avio_skip(pb, 1); pkt->flags |= AV_PKT_FLAG_KEY; pkt->stream_index = 0; - pkt->duration = 588LL * s->streams[0]->codecpar->sample_rate / 44100; + pkt->duration = s->streams[0]->codecpar->sample_rate / 75; pkt->pos = chunk_pos; chunk_pos = avio_tell(pb); @@ -397,7 +397,8 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt) case ID_FRTE: if (data_size < 4) return AVERROR_INVALIDDATA; - s->streams[0]->duration = avio_rb32(pb) * 588LL * s->streams[0]->codecpar->sample_rate / 44100; + s->streams[0]->duration = avio_rb32(pb) * (uint64_t)s->streams[0]->codecpar->sample_rate / 75; + break; }
Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/iff.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)