From patchwork Sun Sep 18 17:14:04 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 38008
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:3b1c:b0:96:9ee8:5cfd with SMTP id c28csp790791pzh;
        Sun, 18 Sep 2022 10:14:41 -0700 (PDT)
X-Google-Smtp-Source: 
 AMsMyM5JxHpn6QQdT2joXaijQA3xynURzKg+9/dN2sP2cR7hq28ayLfBzpLpct0j0JIYc2Plo1Bx
X-Received: by 2002:a05:6402:5179:b0:44e:d177:3a21 with SMTP id
 d25-20020a056402517900b0044ed1773a21mr12621930ede.20.1663521281752;
        Sun, 18 Sep 2022 10:14:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1663521281; cv=none;
        d=google.com; s=arc-20160816;
        b=mR5WAMUu5Dzgdj8ioftDffyOwplwF8Q7vYdSLwPeXSkahmNCHHK19j6qKyEG/S/cYA
         WK0Vh/1oBvJ7ojVmPbfDrnmqVOa+pHWvM4FtyvtojngNCHp3p02a6w9BP8mszJulYAZ4
         jL56A4UmdbeN1JhpqKl+OOI3TzVm3TU7q/nOY7HGQOpJRY82UBFKwVvid6BkTbbK1Q3O
         gJUro/QNMHHV85Qs6TSsFLCuVyW81wKsStA6LwUdd8UUz4TXArkW6Y3Pr7yGAEnQmrEr
         GMCpddfcOkRN8G3IJcMEKKmwnUuDrI7R7aShPdoKo4s3QmrdYzkDaYKJ6xyxPi/qumKc
         wEKw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=+u/WQhsQSTunRYvHOkyP37RJvYlQS92e+lD1MEnknm0=;
        b=tuHHw/azhMh+4VEn96KqmvPb6BURcGxfIwW7BHMPeoSjPj/UlWz1a6NO6VBNcq/yZj
         2o0FPDTMXLUn0euiptzvYbj0QNvSBY022lwJzCNzQLiZtu6JY0ws+I6t/n7Ws2SYOdIV
         ZzwB55OzsB9kUc7Sqe1vjxDsqC5iSp1w968Ns5V8z65f06BGtvxK1k3XvVKu1w1d4kZl
         IVXkaPIV1nGWlz1l99/MmhByJJ/p3jIvD4tjG1p5KbzrErpRQy9qgy8Xa5cDN7i1ckcx
         DjXEi8ie393DJEe5ACHF32Cje4wVj7yGxY7qU2n/UmhAFTikR7vnVNcU/tyD5sJSy8pV
         X5pA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 oz19-20020a1709077d9300b0073d6e50e564si4402039ejc.348.2022.09.18.10.14.41;
        Sun, 18 Sep 2022 10:14:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7BE3268BB92;
	Sun, 18 Sep 2022 20:14:21 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-at02-1.mx.upcmail.net
 (vie01a-dmta-at02-1.mx.upcmail.net [62.179.121.148])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 307B368BB10
 for <ffmpeg-devel@ffmpeg.org>; Sun, 18 Sep 2022 20:14:13 +0300 (EEST)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-at02.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1oZxrw-0047Wn-IS
 for ffmpeg-devel@ffmpeg.org; Sun, 18 Sep 2022 19:14:12 +0200
Received: from ren-mail-psmtp-mg01. ([80.109.253.241])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id Zxrtom0018s8UZxrwoH678; Sun, 18 Sep 2022 19:14:12 +0200
Received: from localhost ([213.47.68.29]) by ren-mail-psmtp-mg01. with ESMTP
 id ZxrwoprDNOG5ZZxrwonHic; Sun, 18 Sep 2022 19:14:12 +0200
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.4 cv=KJo5sHJo c=1 sm=1 tr=0 ts=632751e4
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=NEAV23lmAAAA:8
 a=u4XmoYmZO0_MhMR3n0sA:9
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 18 Sep 2022 19:14:04 +0200
Message-Id: <20220918171410.31835-7-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
X-CMAE-Envelope: 
 MS4wfF2HMG47EhbXeicF2ElTeURRlJxsumEeX1rHC4CqCix3UrXTjhBVuorQGqC7Mx1oZFuD4pTXVI/6i+hEa29qK8iizAJjwJ0YB5Q/KB1pkBImB11Mo8Cc
 SGDNy8FESyJmA05wmEOm45ZQr8dZkF/LiCaUY/iM4n1gdFEC7bU4+FBgZ4xe2J6SxmSS8bEF5zjvKw==
Subject: [FFmpeg-devel] [PATCH 07/13] avformat/sdsdec: Use av_rescale() to
 avoid intermediate overflow in duration calculation
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: sfb3pDFRKPzG

Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/sdsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/sdsdec.c b/libavformat/sdsdec.c
index f98096dca98..d296500beca 100644
--- a/libavformat/sdsdec.c
+++ b/libavformat/sdsdec.c
@@ -112,7 +112,7 @@ static int sds_read_header(AVFormatContext *ctx)
     st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
     st->codecpar->ch_layout.nb_channels = 1;
     st->codecpar->sample_rate = sample_period ? 1000000000 / sample_period : 16000;
-    st->duration = (avio_size(pb) - 21) / (127) * s->size / 4;
+    st->duration = av_rescale((avio_size(pb) - 21) / 127,  s->size, 4);
 
     avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);