Message ID | 20230220192929.4493-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | b3df7ca748bf28e41a6fcb6792b485d8eb04b36a |
Series | [FFmpeg-devel,1/6] avformat/mov: Check samplesize and offset to avoid integer overflow |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavformat/rka.c b/libavformat/rka.c index cc55480345..39e5b3bce1 100644 --- a/libavformat/rka.c +++ b/libavformat/rka.c @@ -114,7 +114,7 @@ static int rka_read_header(AVFormatContext *s) par->ch_layout.nb_channels = channels; par->sample_rate = samplerate; par->bits_per_raw_sample = bps; - st->duration = nb_samples / (channels * (bps >> 3)); + st->duration = 8LL*nb_samples / (channels * bps); if (s->pb->seekable & AVIO_SEEKABLE_NORMAL) ff_ape_parse_tag(s);
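Review bot: the new divisor `channels * bps` in the `st->duration` assignment is still zero when either `channels` or `bps` is zero, and the context lines in this hunk show no check on either value. If `rka_read_header` does not already reject those values earlier, add a guard before the division, for example `if (!channels || !bps) return AVERROR_INVALIDDATA;`. Since the commit message says the resulting duration is unverified for bit depths the decoder does not support, a short comment on this line saying so would help the next reader.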
Fixes: division by zero
Fixes: 55940/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6333107679920128

The decoder does not support bps=1 and I have no such sample so it is not known if this duration is correct. Alternatively we could error out on all bps we currently do not support on the decoder side or not set duration.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

---
libavformat/rka.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)