[FFmpeg-cvslog] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()

Michael Niedermayer git at videolan.org
Mon Oct 30 02:10:06 EET 2023


ffmpeg | branch: release/5.1 | Michael Niedermayer <michael at niedermayer.cc> | Sun Jun 18 21:00:03 2023 +0200| [515c7b21f47df97944969347b28dcba640748de6] | committer: Michael Niedermayer

avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()

Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int'
Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit a4bf559683a999c8faa408fdd8f29bd28a6a47ea)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=515c7b21f47df97944969347b28dcba640748de6
---

 libavcodec/utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index add1e2139b..a0c5eb4808 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -649,9 +649,9 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
     if (sr > 0) {
         /* calc from sample rate */
         if (id == AV_CODEC_ID_TTA)
-            return 256 * sr / 245;
+            return 256ll * sr / 245;
         else if (id == AV_CODEC_ID_DST)
-            return 588 * sr / 44100;
+            return 588ll * sr / 44100;
         else if (id == AV_CODEC_ID_BINKAUDIO_DCT) {
             if (sr / 22050 > 22)
                 return 0;



More information about the ffmpeg-cvslog mailing list