diff mbox series

[FFmpeg-devel,3/3] avformat/iff: simplify duration calculation

Message ID 20220704223034.15056-3-michael@niedermayer.cc
State Accepted
Commit 0740641e932551342cc1737d981e950ecffa3b63
Headers show
Series [FFmpeg-devel,1/3] tools/target_dec_fuzzer: Adjust threshold for CFHD | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_armv7_RPi4 success Make finished
andriy/make_fate_armv7_RPi4 success Make fate finished

Commit Message

Michael Niedermayer July 4, 2022, 10:30 p.m. UTC
Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long'
Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/iff.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Michael Niedermayer July 12, 2022, 5:59 p.m. UTC | #1
On Tue, Jul 05, 2022 at 12:30:34AM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long'
> Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/iff.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

will apply

[...]
diff mbox series

Patch

diff --git a/libavformat/iff.c b/libavformat/iff.c
index 3c861ef34d..b37600605a 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -384,7 +384,7 @@  static int read_dst_frame(AVFormatContext *s, AVPacket *pkt)
                 avio_skip(pb, 1);
             pkt->flags |= AV_PKT_FLAG_KEY;
             pkt->stream_index = 0;
-            pkt->duration = 588LL * s->streams[0]->codecpar->sample_rate / 44100;
+            pkt->duration = s->streams[0]->codecpar->sample_rate / 75;
             pkt->pos = chunk_pos;
 
             chunk_pos = avio_tell(pb);
@@ -397,7 +397,8 @@  static int read_dst_frame(AVFormatContext *s, AVPacket *pkt)
         case ID_FRTE:
             if (data_size < 4)
                 return AVERROR_INVALIDDATA;
-            s->streams[0]->duration = avio_rb32(pb) * 588LL * s->streams[0]->codecpar->sample_rate / 44100;
+            s->streams[0]->duration = avio_rb32(pb) * (uint64_t)s->streams[0]->codecpar->sample_rate / 75;
+
             break;
         }