From patchwork Wed Apr 3 22:51:30 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 47776
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 4 Apr 2024 00:51:30 +0200
Message-Id: <20240403225134.31764-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/5] avcodec/wavarc: fix signed integer overflow in block type 6/19

Fixes: signed integer overflow: -2088796289 + -91276551 cannot be represented in type 'int'
Fixes: 67772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6533568953122816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/wavarc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c
index 7083494cd81..b4b26958e6f 100644
--- a/libavcodec/wavarc.c
+++ b/libavcodec/wavarc.c
@@ -647,7 +647,7 @@ static int decode_5elp(AVCodecContext *avctx, for (int o = 0; o < order; o++) sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1]; - samples[n + 70] += ac_out[n] + (sum >> 4); + samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4); } for (int n = 0; n < 70; n++) From patchwork Wed Apr 3 22:51:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 47777 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp708087pzb; Wed, 3 Apr 2024 15:51:57 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXNPWY4iy4ZttMCLMJFsMkRIC92XkbZV2x+xTAPS3B+TqarIRPnphPnyPYlUuGbd63dgVYDEphKrZw4G0TRUcdbBN+R8B2v8biWuQ== X-Google-Smtp-Source: AGHT+IHFYKZ2Y+cVe6cLoeeU5jmr2qgJrSx0BV3prpVRwnuaC3laZRvm5/lgHJeQQyOiIj7B7JzA X-Received: by 2002:a17:906:e28a:b0:a51:79c3:b772 with SMTP id gg10-20020a170906e28a00b00a5179c3b772mr393143ejb.7.1712184716787; Wed, 03 Apr 2024 15:51:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712184716; cv=none; d=google.com; s=arc-20160816; b=IZB+bVbkpfQYhFrpkIyn1jwfvF3QDU4Lxe/LNBnY3o0I+m3GTTsX5YfVFFPuVdOrVm wUxWCiLYD5NzRUzNiramJuIfNFw0tXNFjSYrCZgAPPzq1Few6jNENJBNIPolvkp+xXS6 hxWdftH0dOJG1ACGjum7s2h+FYyHCtBtYZKcvntQNHlBcJ0+NqauypZQ+ssEO63lHKkB hPO8320t+QN06vKbJ7zYyou104BDkzmW92anO5BqaKfCTkfI9LLOpmDPA7zvQC+TKN7K zEgCRwMNibOQOpo2ciiNqcCmO1cMnDac/yVJ7TKTfcE728cgm4iqJA8nkL/yRqOTbrfb xbWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; bh=lMuE2FFjr9/X2moMtkL24PlOEuP0xady1cQCvLpYpP8=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=nVRWkEcspVfa+g1Fc2cvQl624+CfWsS6YaAiQbUloYXy7/PfzPcc0+9NjnSnL+qQke 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 4 Apr 2024 00:51:31 +0200
Message-Id: <20240403225134.31764-2-michael@niedermayer.cc>
In-Reply-To: <20240403225134.31764-1-michael@niedermayer.cc>
References: <20240403225134.31764-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/5] avformat/iamf_parse: Check sound_system

Fixes: index 13 out of bounds for type 'const struct IAMFSoundSystemMap [13]'
Fixes: 67796/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4554553191104512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/iamf_parse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
index 3867adb1172..f8074c2de1c 100644
--- a/libavformat/iamf_parse.c
+++ b/libavformat/iamf_parse.c
@@ -934,6 +934,10 @@ static int mix_presentation_obu(void *s, IAMFContext *c, AVIOContext *pb, int le if (submix_layout->layout_type == 2) { int sound_system; sound_system = (byte >> 2) & 0xF; + if (sound_system >= FF_ARRAY_ELEMS(ff_iamf_sound_system_map)) { + ret = AVERROR_INVALIDDATA; + goto fail; + } av_channel_layout_copy(&submix_layout->sound_system, &ff_iamf_sound_system_map[sound_system].layout); } From patchwork Wed Apr 3 22:51:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 47778 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp708134pzb; Wed, 3 Apr 2024 15:52:05 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWDj3ucH2VnBMQhMHN/eKR6Jz5mf8rQvHAms+IV0EhVBcL2JYbYr+1DPOnUVPkwWj9WuoPDlxL+J51TvdXfGYCJ68pQkQ1GALHGOw== X-Google-Smtp-Source: AGHT+IE8runwRAS79xdXTHMl/fDPtZNYHT9Tn19TWbQqR9hXuSPaIiGhNdE35KkyQ+PCCWU7EGwj X-Received: by 2002:ac2:4d91:0:b0:516:a25e:7909 with SMTP id g17-20020ac24d91000000b00516a25e7909mr424363lfe.2.1712184725047; Wed, 03 Apr 2024 15:52:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712184725; cv=none; d=google.com; s=arc-20160816; b=0C6osADOGQNnXO9BI2Fx019i+NWH0GECCm+VSpqWWCVtLRWZdNDCP+aUYx3g+GfIE6 UuSXa7Cq9XH9/HQn+HMAghkYvTEvJTAo/ALksaBN5qqj2mMMYWGW8K8oQUbdkKvKNugq +8eSjtiMOaWlGUTANK3+MNSQJHEqmEJnPMIIbdO059o09njjFz3MMAVRLHUmP2XhmiA+ PWpdS2PHmQqbu94w9OuxHKTmVRrbzGGat4rIKTaYQhCImYNMWBJxMPbqFy6IC3Wn82B4 04hBMEc3LU3NaWOsHPzHpwDpk39cWsyHJyrDNbDnWyuirogG1IsSdUGJYkVyJLF04JkI NQ/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; bh=6shEeMZexh6Oso1PUh7WccHwm/fFec/OdgT7B/E69yo=; 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 4 Apr 2024 00:51:32 +0200
Message-Id: <20240403225134.31764-3-michael@niedermayer.cc>
In-Reply-To: <20240403225134.31764-1-michael@niedermayer.cc>
References: <20240403225134.31764-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/5] swscale/utils: Fix xInc overflow

Fixes: signed integer overflow: 2 * 1073741824 cannot be represented in type 'int'
Fixes: 67802/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6249515855183872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libswscale/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libswscale/utils.c b/libswscale/utils.c
index d34c8d1641e..df14eb016ce 100644
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@@ -593,7 +593,7 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos, filter[i * filterSize + j] = coeff; xx++; } - xDstInSrc += 2 * xInc; + xDstInSrc += 2LL * xInc; } } From patchwork Wed Apr 3 22:51:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 47779 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp708184pzb; Wed, 3 Apr 2024 15:52:14 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWH1jpnrbh4HSYJso9pci1rayIHUzeXchGrUKGn5GQfNc5mUS/+c43BgD7DQ6lOS5k7wQq42I0GkFOjjyIWCvr+9JOjztfiSnObRw== X-Google-Smtp-Source: AGHT+IHV/ek499oB6829xFVN3p+88XoltjQ8vzIau2SXX6OAV17iY5CH4DuVa4nwk31s3gkFOP4s X-Received: by 2002:a50:8d55:0:b0:56d:c5c2:f7f8 with SMTP id t21-20020a508d55000000b0056dc5c2f7f8mr464765edt.5.1712184734112; Wed, 03 Apr 2024 15:52:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712184734; cv=none; d=google.com; s=arc-20160816; b=AhgZqbLi32mq9wwXV9Kw/uTw5ox60eZgDtAzLSVWOEIFO2LkrfWpCbWPuqNjV4lSrP j2/04HSM0WuBzCAi2fDIYvocBx9K2xfGgk6R1vi+5j3dIVsDbbN9enRlLQ4Ht9crvJBr FgkdiGpyCINaO1aB7SoePmbNQXM+8MD/wFxcZV4Xttr0nRZsL4AxP9MwEtmCNNg2ELT9 IXeT7nlC+tfX92JC35/UM+OaMaSWWTpbTyG/0ZCJRp7kW+shF96c92MY/jg+3OMk+KVJ BWzuIfxmIDCRtp+1NN2ivsdMvTCG3Ver/Zjn0qcmTClLMHU7gcV6KUERII8enTWoQZz0 1aTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; bh=7VqrT4Nj17jDWdUBVow9romaNghF1BjCouBenK6uANI=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=PwcmCW84KmIzGJSLr2nQwAe7R13nNZvtQqBV6VrHbJYKMws52UJiHW/2MT3cCcT1JG wxGEVSRlBWkGJZQPUeL7un9Lq/v+KKP/p0i8dD0MwESBSiE5HYy6rmLyrSO9h1xHlgM3 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 4 Apr 2024 00:51:33 +0200
Message-Id: <20240403225134.31764-4-michael@niedermayer.cc>
In-Reply-To: <20240403225134.31764-1-michael@niedermayer.cc>
References: <20240403225134.31764-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/5] avformat/mxfdec: Check index_edit_rate

Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/mxfdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 04de4c1d5e3..233d614f783 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -1264,6 +1264,9 @@ static int mxf_read_index_table_segment(void *arg, AVIOContext *pb, int tag, int case 0x3F0B: segment->index_edit_rate.num = avio_rb32(pb); segment->index_edit_rate.den = avio_rb32(pb); + if (segment->index_edit_rate.num <= 0 || + segment->index_edit_rate.den <= 0) + return AVERROR_INVALIDDATA; av_log(NULL, AV_LOG_TRACE, "IndexEditRate %d/%d\n", segment->index_edit_rate.num, segment->index_edit_rate.den); break; From patchwork Wed Apr 3 22:51:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 47780 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp708258pzb; Wed, 3 Apr 2024 15:52:22 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUoHa7sk7m2GpHRCZhEhiPDmApyyllAVOOm7B//KWLYvLF+bxPr6dAiTProMdipw3i//h9Gy+p5rA+UROTeuVW6s7o5EwbYWxhoMg== X-Google-Smtp-Source: AGHT+IEgK77DMGgtqLoQtfwAdh6dopwv8j3PyzWnkDJ4+pw6mBayNOhcxuEcP58Su3iBT1QGX1Ix X-Received: by 2002:a05:6402:1a53:b0:56e:10c2:8db3 with SMTP id bf19-20020a0564021a5300b0056e10c28db3mr461199edb.4.1712184742483; Wed, 03 Apr 2024 15:52:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712184742; cv=none; d=google.com; s=arc-20160816; b=AEhLePuBqziI/MZGKGgGys+uEroKwM93zm7YQiHi1NRIP5OHrY1VIFOYo6o9iimPVM SfZe7OrAchuiV9TPtIwdTqygw8FQ/xJWQKmTRwsb6CFOEdzs6TY6ZrmMV3w0h60SAGkn 0ZiSZbCPpa6yftzXAlnZ+9aiAJDSDCsTKVD9AnMDwzUWqlin7LlPJAJEB+b5tJvAgbzH GH2EgoIlPw2NjB8Ld9e3+sKokuYdpxh3YErV7uioDzWlE1IghB2Mmy63oC11HIJIRAwy TRHwHf2tGpD2r13SjtI0vqYY6MZP1MRP3yXJCvAAEB420185YALK/iZwSLYgsK0OlVII ehAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Thu, 4 Apr 2024 00:51:34 +0200
Message-Id: <20240403225134.31764-5-michael@niedermayer.cc>
In-Reply-To: <20240403225134.31764-1-michael@niedermayer.cc>
References: <20240403225134.31764-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/5] avformat/pcm: Use 64bit in bitrate computation

Fixes: signed integer overflow: 65792 * 65312 cannot be represented in type 'int'
Fixes: 67819/clusterfuzz-testcase-minimized-ffmpeg_dem_WADY_fuzzer-5236100912185344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/pcm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/pcm.c b/libavformat/pcm.c
index 051e86dd464..a774dbc3726 100644
--- a/libavformat/pcm.c
+++ b/libavformat/pcm.c
@@ -41,7 +41,7 @@ int ff_pcm_default_packet_size(AVCodecParameters *par) /* Don't trust the codecpar bitrate if we can calculate it ourselves */ if (bits_per_sample > 0 && par->sample_rate > 0 && par->ch_layout.nb_channels > 0) if ((int64_t)par->sample_rate * par->ch_layout.nb_channels < INT64_MAX / bits_per_sample) - bitrate = bits_per_sample * par->sample_rate * par->ch_layout.nb_channels; + bitrate = bits_per_sample * (int64_t)par->sample_rate * par->ch_layout.nb_channels; if (bitrate > 0) { nb_samples = av_clip64(bitrate / 8 / PCM_DEMUX_TARGET_FPS / par->block_align, 1, max_samples);
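
Review bot: In libavcodec/wavarc.c, decode_5elp(), the changed statement relies on an implicit chain of conversions that nothing in the code documents: the cast on (sum >> 4) makes ac_out[n] + ... and then the compound += on samples[n + 70] run in unsigned arithmetic, with the result converted back to the element type on store. This matches the (unsigned)samples[n + 70 - o - 1] idiom two lines above, but it is easy to undo in a later cleanup, so a short comment stating that wraparound is intended for damaged input would help. The subject names block type 6/19 while the hunk changes a single statement, so please confirm that the other loops in this file that accumulate into samples[] do not need the same cast.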
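
Review bot: In libavformat/iamf_parse.c, mix_presentation_obu(), the added sound_system >= FF_ARRAY_ELEMS(ff_iamf_sound_system_map) branch rejects the stream with AVERROR_INVALIDDATA but logs nothing, so a user with a failing file cannot tell which field was out of range. An av_log() at error level that prints sound_system before the goto fail would fix that (assuming s is the logging context in this function). The check itself is right for a 4-bit field masked with 0xF indexing a table that the sanitizer reports as 13 entries. Separately, the av_channel_layout_copy() call directly after the new check still discards its return value; if it can fail here, the result should go into ret and take the same fail path.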
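
Review bot: In libswscale/utils.c, initFilter(), the 2LL * xInc change only helps if xDstInSrc is itself a 64-bit variable, and the hunk does not show its declaration; if it is narrower, the widened product is truncated on the += and the overflow just moves. Please confirm the type. The reported operand 1073741824 is 2^30, so it is also worth asking whether an xInc that large should be rejected before initFilter() is reached rather than accommodated here, and whether other statements in this function that advance xDstInSrc by a multiple of xInc need the same widening. Minor style point: patch 5/5 of this series widens with an (int64_t) cast while this one uses the LL suffix.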
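
Review bot: In libavformat/mxfdec.c, mxf_read_index_table_segment(), case 0x3F0B, the new num <= 0 || den <= 0 check returns before the av_log() TRACE line that prints IndexEditRate, so the values that trigger the rejection are never logged. Moving the check after the av_log() call, or adding an error-level message in the new branch, keeps the diagnostic for exactly the files that need it. The check also treats zero as invalid, which is stricter than the b >= 0 assertion quoted in the commit message; that looks intentional for a rate, but a word in the commit message would make it explicit. Note that the existing av_log() call uses a NULL context, so any new message here will have the same limitation unless a context is passed in.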
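
Review bot: In libavformat/pcm.c, ff_pcm_default_packet_size(), the (int64_t) cast only removes the overflow if bitrate is itself 64-bit, and its declaration is outside the hunk; if it is an int, the widened product is truncated on assignment. The later av_clip64(bitrate / 8 / ...) call suggests it is 64-bit, but please confirm. The cast sits on the middle operand, which works because the multiplication groups left to right and widens bits_per_sample * sample_rate first; putting it on the first operand, as the guard on the line above does with (int64_t)par->sample_rate, would make the intent obvious and keep the two lines consistent. The nested if statements around the assignment have no braces, which makes this three-level condition harder to read than it needs to be.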