[FFmpeg-devel] [PATCH 2/3] avcodec/exr: Fix overflow with many blocks
Michael Niedermayer
michael at niedermayer.cc
Mon Sep 28 17:13:00 EEST 2020
On Sun, Sep 27, 2020 at 10:21:25AM +0200, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
> > Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavcodec/exr.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/exr.c b/libavcodec/exr.c
> > index c80e8eb5e0..8621a8cfe4 100644
> > --- a/libavcodec/exr.c
> > +++ b/libavcodec/exr.c
> > @@ -1783,7 +1783,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
> > if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0)
> > return ret;
> >
> > - if (bytestream2_get_bytes_left(&s->gb) < nb_blocks * 8)
> > + if (bytestream2_get_bytes_left(&s->gb) < nb_blocks * 8L)
>
> Does this have an advantage over dividing by 8?
probably not anything thats relevant in this case
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200928/28f5012a/attachment.sig>
More information about the ffmpeg-devel
mailing list