Message ID | 20221225220323.20968-2-michael@niedermayer.cc |
---|---|
State | New |
Series | [FFmpeg-devel,1/2] avcodec/hdrdec: Check for end of input in decompress() |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
Sun 2022-12-25 at 23:03 +0100, Michael Niedermayer wrote:

> Fixes: signed integer overflow: 48000 * 223587 cannot be represented > in type 'int' > Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer- > 5817594836025344 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mxfdec.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > index e6118e141d..6150c131ec 100644 > --- a/libavformat/mxfdec.c > +++ b/libavformat/mxfdec.c > @@ -3857,8 +3857,8 @@ static int64_t > mxf_compute_sample_count(MXFContext *mxf, AVStream *st, > if ((sample_rate.num / sample_rate.den) == 48000) { > return av_rescale_q(edit_unit, sample_rate, track- > >edit_rate); > } else { > - int remainder = (sample_rate.num * time_base.num) % > - (time_base.den * sample_rate.den); > + int64_t remainder = (sample_rate.num * > (int64_t)time_base.num) % > + (time_base.den * (int64_t)sample_rate.den); > if (remainder)

Looks OK. Could use uint64_t also I think

/Tomas
On 12/25/2022 7:03 PM, Michael Niedermayer wrote:

> Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int' > Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mxfdec.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > index e6118e141d..6150c131ec 100644 > --- a/libavformat/mxfdec.c > +++ b/libavformat/mxfdec.c > @@ -3857,8 +3857,8 @@ static int64_t mxf_compute_sample_count(MXFContext *mxf, AVStream *st, > if ((sample_rate.num / sample_rate.den) == 48000) { > return av_rescale_q(edit_unit, sample_rate, track->edit_rate); > } else { > - int remainder = (sample_rate.num * time_base.num) % > - (time_base.den * sample_rate.den); > + int64_t remainder = (sample_rate.num * (int64_t)time_base.num) % > + (time_base.den * (int64_t)sample_rate.den);

Don't undo the vertical alignment, please.

> if (remainder) > av_log(mxf->fc, AV_LOG_WARNING, > "seeking detected on stream #%d with time base (%d/%d) and "
On Mon, Dec 26, 2022 at 11:11:46AM -0300, James Almer wrote:

> On 12/25/2022 7:03 PM, Michael Niedermayer wrote: > > Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int' > > Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/mxfdec.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > > index e6118e141d..6150c131ec 100644 > > --- a/libavformat/mxfdec.c > > +++ b/libavformat/mxfdec.c > > @@ -3857,8 +3857,8 @@ static int64_t mxf_compute_sample_count(MXFContext *mxf, AVStream *st, > > if ((sample_rate.num / sample_rate.den) == 48000) { > > return av_rescale_q(edit_unit, sample_rate, track->edit_rate); > > } else { > > - int remainder = (sample_rate.num * time_base.num) % > > - (time_base.den * sample_rate.den); > > + int64_t remainder = (sample_rate.num * (int64_t)time_base.num) % > > + (time_base.den * (int64_t)sample_rate.den); > > Don't undo the vertical alignment, please.

Will apply it with maximal vertical alignment

thx

[...]
On Mon, Dec 26, 2022 at 11:36:28AM +0100, Tomas Härdin wrote:

> Sun 2022-12-25 at 23:03 +0100, Michael Niedermayer wrote: > > Fixes: signed integer overflow: 48000 * 223587 cannot be represented > > in type 'int' > > Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer- > > 5817594836025344 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/mxfdec.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > > index e6118e141d..6150c131ec 100644 > > --- a/libavformat/mxfdec.c > > +++ b/libavformat/mxfdec.c > > @@ -3857,8 +3857,8 @@ static int64_t > > mxf_compute_sample_count(MXFContext *mxf, AVStream *st, > > if ((sample_rate.num / sample_rate.den) == 48000) { > > return av_rescale_q(edit_unit, sample_rate, track- > > >edit_rate); > > } else { > > - int remainder = (sample_rate.num * time_base.num) % > > - (time_base.den * sample_rate.den); > > + int64_t remainder = (sample_rate.num * > > (int64_t)time_base.num) % > > + (time_base.den * (int64_t)sample_rate.den); > > if (remainder) > > Looks OK. Could use uint64_t also I think

will apply

thx

[...]
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index e6118e141d..6150c131ec 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -3857,8 +3857,8 @@ static int64_t mxf_compute_sample_count(MXFContext *mxf, AVStream *st, if ((sample_rate.num / sample_rate.den) == 48000) { return av_rescale_q(edit_unit, sample_rate, track->edit_rate); } else { - int remainder = (sample_rate.num * time_base.num) % - (time_base.den * sample_rate.den); + int64_t remainder = (sample_rate.num * (int64_t)time_base.num) % + (time_base.den * (int64_t)sample_rate.den); if (remainder) av_log(mxf->fc, AV_LOG_WARNING, "seeking detected on stream #%d with time base (%d/%d) and "
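Review bot: the `%` in the new `remainder` expression still has an unchecked divisor: `time_base.den * (int64_t)sample_rate.den` is zero whenever either denominator is zero, and nothing in the visible lines rules that out for `time_base.den` (the context line `sample_rate.num / sample_rate.den` would already fault on a zero `sample_rate.den`, so that one is presumably validated earlier). Since the report comes from the demuxer fuzzer, either guard the modulo with a check that the product is nonzero or add a comment naming where both denominators are validated. The widening itself is sufficient for the reported overflow: the product of two `int` values always fits in `int64_t`.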
Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int' Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/mxfdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)