| Message ID | 20230305114346.19875-1-michael@niedermayer.cc |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel,1/2] avcodec/rka: use 64bit for srate_pad computation | expand |
On 3/5/23, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: left shift of 538976288 by 13 places cannot be represented in type > 'int' > Fixes: > 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424 > Please make sure that this does not break decoding. > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/rka.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/rka.c b/libavcodec/rka.c > index 2212e3f930..1e6a48568d 100644 > --- a/libavcodec/rka.c > +++ b/libavcodec/rka.c > @@ -207,7 +207,7 @@ static int chctx_init(RKAContext *s, ChContext *c, > c->bprob[0] = s->bprob[0]; > c->bprob[1] = s->bprob[1]; > > - c->srate_pad = (sample_rate << 13) / 44100 & 0xFFFFFFFCU; > + c->srate_pad = ((int64_t)sample_rate << 13) / 44100 & 0xFFFFFFFCU; > c->pos_idx = 1; > > for (int i = 0; i < FF_ARRAY_ELEMS(s->bprob[0]); i++) > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
On Sun, Mar 05, 2023 at 05:37:09PM +0100, Paul B Mahol wrote: > On 3/5/23, Michael Niedermayer <michael@niedermayer.cc> wrote: > > Fixes: left shift of 538976288 by 13 places cannot be represented in type > > 'int' > > Fixes: > > 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424 > > > > Please make sure that this does not break decoding. how ? * Testing all rka files on the internet ? i cannot * Reading the specification ? i failed to find a public specification * Generating files that have a high enough sample rate with the binary windows encoder? "ERROR: Unsupported format type." even at 88.2k, well below that point Also if it worked before its dependant on the compiler, its undefined bahevior. For files with more normal sample rates like the sample in our archieve it produces the same output. Other ideas ? thx [...]
diff --git a/libavcodec/rka.c b/libavcodec/rka.c index 2212e3f930..1e6a48568d 100644 --- a/libavcodec/rka.c +++ b/libavcodec/rka.c @@ -207,7 +207,7 @@ static int chctx_init(RKAContext *s, ChContext *c, c->bprob[0] = s->bprob[0]; c->bprob[1] = s->bprob[1]; - c->srate_pad = (sample_rate << 13) / 44100 & 0xFFFFFFFCU; + c->srate_pad = ((int64_t)sample_rate << 13) / 44100 & 0xFFFFFFFCU; c->pos_idx = 1; for (int i = 0; i < FF_ARRAY_ELEMS(s->bprob[0]); i++)
Fixes: left shift of 538976288 by 13 places cannot be represented in type 'int' Fixes: 56148/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RKA_fuzzer-6257370708967424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/rka.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)