From patchwork Sat May 11 11:34:32 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Kacper Michajlow <kasper93@gmail.com>
X-Patchwork-Id: 48719
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a21:1706:b0:1af:cdee:28c5 with SMTP id nv6csp84675pzb;
        Sat, 11 May 2024 04:35:32 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCU27YqsllcIuWfMwJeAEP3TY/bci6j70XzelPzAsXk6/uGTpNCwZHCHX+L8n6UfdoBDIuPHF+jiHILXfGxeVWvDDH3288Zv5M4IyQ==
X-Google-Smtp-Source: 
 AGHT+IHA6Eh48GgtI5YEcRvzxfCqEKGCTkKj6LskyuBg0szt/054LiiO8K+t7DpCAh5IAiHdSzki
X-Received: by 2002:a50:99d1:0:b0:572:a17d:a302 with SMTP id
 4fb4d7f45d1cf-5734d705b6amr3067480a12.42.1715427332384;
        Sat, 11 May 2024 04:35:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1715427332; cv=none;
        d=google.com; s=arc-20160816;
        b=aJh7W+vbdy+dL3y35e7rM93CyxR1vi8Ddy1ZhEANBosKCo2HSKIW7ZmK2XJVlwqyMN
         TZhEiMa5Lyq5t8nrz4GF2vEoDTOD/PV+P+1TgCU4fS5LSKUXjry//QH3zlf/J3Z7A/yH
         LGep4fEGQGygTr2dkcgeUqUue8pygn97dTK6Kyqhne5C8nFgLrKQvhoHGgFNnSVLxTXU
         2VeqmqEF+j4t/WevnIiJIZSKZNbP4KanU/jJf6KIq8M1PRFqc5YqW2UhPch29isDT6dN
         Yrd/kvBXX32Ntq8DgEDENtCgRV+jsh921wz0uoCH3geTLr8NcR/tArc+GwNuS4QN+5X0
         loNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:mime-version:message-id:date:to:from
         :dkim-signature:delivered-to;
        bh=yCrg79YV1AY6iBN+cQosMJClh6eFriZVUWuvGb9O8BE=;
        fh=VehHF75ibtIiOcMFupA+RvAd8F/HWiWMZFlcjyRnn54=;
        b=XSv0am6w4NjLeW09E346UV5Nfx2O0uxD9bncfe1sqmPQs1LGfbHbnBaBWFFHwEufAJ
         duquEwRW4yffGV5UjYpSAZHimVYVMfrDO2TqMGH8gkHqVs5kaTGyMapupOKhhhOPuWBh
         Vs3C/pZW0urbDMkIZm2jvhdy6GvUu/k8m5j2BoCuYXON8PAspw9nUM+L50pwaryy+EpY
         ywpOMwdSSo6Sb/mRnmIK6bYqUpVITAjciWTvyjkwzB1KP4N01nIIxdmrWxuqNJPNjgEs
         rPiG4DsV53BV4CvUyBJjGO46MsXn2iM9JJD3MKLGH3iH2ODx7bP/LkzxhWYXP0AzuuJE
         hiYQ==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20230601 header.b=STtrmZ5R;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5733c2d458fsi2970922a12.342.2024.05.11.04.35.31;
        Sat, 11 May 2024 04:35:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20230601 header.b=STtrmZ5R;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7187768D5D1;
	Sat, 11 May 2024 14:35:28 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com
 [209.85.167.43])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4A58568D431
 for <ffmpeg-devel@ffmpeg.org>; Sat, 11 May 2024 14:35:22 +0300 (EEST)
Received: by mail-lf1-f43.google.com with SMTP id
 2adb3069b0e04-51ef64d051bso3392697e87.1
 for <ffmpeg-devel@ffmpeg.org>; Sat, 11 May 2024 04:35:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1715427321; x=1716032121; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=nzDvZQNtf3Zn9IHZsf7I5ypKCIjW1baW2UDyYgmFFVU=;
 b=STtrmZ5RaA1nHaiXbYfEefl/P1YD0VgbYOObDwK/+yzGLqJIZwp8dM1Kqqs+uxXJXL
 Fwoc+w43b9lOzVd5mH1SmOdkwEYRJVsyhy1h637uXwunY9MR5MBFsMaQnVg834aZHWf/
 BQUxCIctvNEUU7v3DFLXPG6NuoTexPJs6R/UtPil+dng4OQkmLWj/7aKaWsI699myGce
 1MehEm9R1wa2jMMMLTl700ycLU6gGwW3skPqkdG0JC5LAavMZBI3DJwUjHejiycK6xwr
 L+UGQfep6r7HxDSlyKbfJ+lBVlev0NJxqQwRC4hTRJHxcBBh3g947uoQYd3hFcD/24Sv
 MVQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1715427321; x=1716032121;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=nzDvZQNtf3Zn9IHZsf7I5ypKCIjW1baW2UDyYgmFFVU=;
 b=GJ9xrZEY+vGv++p67Uqiq5OUbHbaOOsvR5SsNtN4I49jb35WgBXvaOdDCu2IFWJn3U
 NV3erdlK0HTvYkjLHrofO2AtW+JfMroVy7HWzqQ7eNhL4lDdIBjYDjrfRbMD2hdUnPqX
 4LYj/MRhQsWRf1GiFv2XMmnwDPa9gCBdI/0P/TsOU7OFx884CpHZ38Dr3Csb/BkoiNdw
 RJuDYJy9a/g6F+eiZ9kQb2mb2lTsPCJut034i2DoGks27PLu2tJr1C52vG/0ctNWLFwD
 lV27LPAW7Hy7bQ+QktHGBmJG0bXP/sT68r0ywAxLh1iNXgP3govaYtzNaWZqLBTASkbg
 y6nA==
X-Gm-Message-State: AOJu0YxWI+tAfx2TaS9mXQmS+Lhxlutip4Q3f/0EGgGdZt7MVR5hVnNl
 uMvAJ/4x9YBD2oo3hjuJ52FUrH0LjqxDPBjYDSKb6VV/Ymq75MNM2g1AyA==
X-Received: by 2002:a05:6512:201:b0:51d:3a99:f22e with SMTP id
 2adb3069b0e04-5220ff72e3amr2872637e87.59.1715427320619;
 Sat, 11 May 2024 04:35:20 -0700 (PDT)
Received: from localhost.localdomain (89-74-12-251.dynamic.chello.pl.
 [89.74.12.251]) by smtp.gmail.com with ESMTPSA id
 2adb3069b0e04-521f35ad6ccsm984806e87.13.2024.05.11.04.35.19
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 11 May 2024 04:35:20 -0700 (PDT)
From: =?utf-8?q?Kacper_Michaj=C5=82ow?= <kasper93@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 11 May 2024 13:34:32 +0200
Message-ID: <20240511113432.271-1-kasper93@gmail.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] avformat/rpl: reject invalid sample rate
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: =?utf-8?q?Kacper_Michaj=C5=82ow?= <kasper93@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: oXGe+dThRIdF

Fixes overflow check for bit_rate multiplication few lines below.

Found by OSS-Fuzz.

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
---
 libavformat/rpl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rpl.c b/libavformat/rpl.c
index 09d0b68f74..32a762b60a 100644
--- a/libavformat/rpl.c
+++ b/libavformat/rpl.c
@@ -202,6 +202,8 @@ static int rpl_read_header(AVFormatContext *s)
         ast->codecpar->codec_type      = AVMEDIA_TYPE_AUDIO;
         ast->codecpar->codec_tag       = audio_format;
         ast->codecpar->sample_rate     = read_line_and_int(pb, &error);  // audio bitrate
+        if (ast->codecpar->sample_rate < 0)
+            return AVERROR_INVALIDDATA;
         channels                       = read_line_and_int(pb, &error);  // number of audio channels
         error |= read_line(pb, line, sizeof(line));
         ast->codecpar->bits_per_coded_sample = read_int(line, &endptr, &error);  // audio bits per sample