[FFmpeg-cvslog] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()

Thu, 21 Dec 2023 15:52:02 -0800 

ffmpeg | branch: release/4.4 | Michael Niedermayer <mich...@niedermayer.cc> | 
Sun Jun 18 21:00:03 2023 +0200| [2b20d0a55fa5aa18376f6c225eee9550187aa6fb] | 
committer: Michael Niedermayer

avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()

Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 
'int'
Fixes: 
59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
(cherry picked from commit a4bf559683a999c8faa408fdd8f29bd28a6a47ea)
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b20d0a55fa5aa18376f6c225eee9550187aa6fb
---

 libavcodec/utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index e58e4e494e..2859493696 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -691,9 +691,9 @@ static int get_audio_frame_duration(enum AVCodecID id, int 
sr, int ch, int ba,
     if (sr > 0) {
         /* calc from sample rate */
         if (id == AV_CODEC_ID_TTA)
-            return 256 * sr / 245;
+            return 256ll * sr / 245;
         else if (id == AV_CODEC_ID_DST)
-            return 588 * sr / 44100;
+            return 588ll * sr / 44100;
         else if (id == AV_CODEC_ID_BINKAUDIO_DCT) {
             if (sr / 22050 > 22)
                 return 0;

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to