Message ID | 20220917211557.11547-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 5b23cab5c769d6611a3fe111546d65809046a4d8 |
Headers | show |
Series | [FFmpeg-devel,1/9] avformat/ape: Check frames size | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavformat/apm.c b/libavformat/apm.c index baf7d2f9412..a3ddc08e83b 100644 --- a/libavformat/apm.c +++ b/libavformat/apm.c @@ -148,7 +148,7 @@ static int apm_read_header(AVFormatContext *s) par->codec_id = AV_CODEC_ID_ADPCM_IMA_APM; par->format = AV_SAMPLE_FMT_S16; par->bit_rate = par->ch_layout.nb_channels * - par->sample_rate * + (int64_t)par->sample_rate * par->bits_per_coded_sample; if ((ret = avio_read(s->pb, buf, APM_FILE_EXTRADATA_SIZE)) < 0)
Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/apm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)