Apr 19, 2020, 16:05 by mich...@niedermayer.cc: > Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type > 'int' > Fixes: > 19950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_DCT_fuzzer-5765514337189888 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/binkaudio.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/binkaudio.c b/libavcodec/binkaudio.c > index 64a08b8608..2df3dc645a 100644 > --- a/libavcodec/binkaudio.c > +++ b/libavcodec/binkaudio.c > @@ -106,6 +106,9 @@ static av_cold int decode_init(AVCodecContext *avctx) > avctx->sample_fmt = AV_SAMPLE_FMT_FLTP; > } > > + if (sample_rate >= INT_MAX) > + return AVERROR_INVALIDDATA; > + > s->frame_len = 1 << frame_len_bits; > s->overlap_len = s->frame_len / 16; > s->block_size = (s->frame_len - s->overlap_len) * s->channels; >
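Review bot: the new `if (sample_rate >= INT_MAX)` guard is placed after both arms of the sample_fmt if/else, but the hunk does not show the expression that performs the `2147483647 + 1` the sanitizer reports, so the commit message should name that expression so the bound can be reviewed against it. `>= INT_MAX` is exactly the bound a later `sample_rate + 1` needs, and the RDFT arm's existing guard `if (sample_rate > INT_MAX / avctx->channels)` (quoted in the reply below) still admits `sample_rate == INT_MAX` when `avctx->channels` is 1, so the new check is not subsumed by it on that path either; consider validating `sample_rate` once, before the branch, against a realistic upper bound rather than only against INT_MAX, and documenting which computation each bound protects.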
Did you even bother to look at the checks you added in this decoder previously? Specifically 11 lines above?

> if (sample_rate > INT_MAX / avctx->channels)
> return AVERROR_INVALIDDATA;
> sample_rate *= avctx->channels;

To start with, the sample rate of the avctx is already checked in utils.c, and you still haven't cleaned up any decoders from the checks made unnecessary by you, so I am reminding you again to clean up the codebase by getting rid of them. At least you might get to clean the codebase for once rather than adding crap like this.

So there's only the branch which I quoted that needs to be fixed, and since there's a check there already, there's no reason to have a check here as well.

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
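The edge case behind this exchange, as an added example that is not FFmpeg's code and not from either poster: a stand-in for the decode_init() arithmetic showing that the RDFT branch's `sample_rate > INT_MAX / channels` guard still admits `sample_rate == INT_MAX` when `channels` is 1, so a later `sample_rate + 1` needs its own bound on every path. The function names, the error value, and the `(sample_rate + 1) / 2` step (inferred from the sanitizer message "2147483647 + 1") are assumptions.

```c
#include <limits.h>
#include <stdbool.h>

/* Placeholder standing in for AVERROR_INVALIDDATA; the value is not FFmpeg's. */
#define HYP_INVALIDDATA (-1)

/* Does the RDFT-branch guard quoted in the thread let this value through?
 * Assumes channels > 0. For channels == 1 it admits INT_MAX itself. */
static bool rdft_guard_passes(int sample_rate, int channels)
{
    return !(sample_rate > INT_MAX / channels);
}

/* Hypothetical validator: scale the rate by the channel count on the RDFT
 * path (bounding the product before computing it, as the existing guard
 * does), then make sure a subsequent "+ 1" cannot overflow on either path.
 * Returns the scaled rate (> 0) or HYP_INVALIDDATA. */
static int bink_scaled_sample_rate(int sample_rate, int channels, bool rdft)
{
    if (sample_rate <= 0 || channels <= 0)
        return HYP_INVALIDDATA;

    if (rdft) {
        if (!rdft_guard_passes(sample_rate, channels))
            return HYP_INVALIDDATA;
        sample_rate *= channels;          /* cannot overflow: bounded above */
    }

    /* The patch's check, needed on both branches: sample_rate + 1 must fit. */
    if (sample_rate >= INT_MAX)
        return HYP_INVALIDDATA;

    return sample_rate;
}

/* Assumed later computation from decode_init(): (sample_rate + 1) / 2.
 * Only reached after validation, so the addition is overflow-free. */
static int bink_sample_rate_half(int sample_rate, int channels, bool rdft)
{
    int sr = bink_scaled_sample_rate(sample_rate, channels, rdft);
    if (sr < 0)
        return sr;
    return (sr + 1) / 2;
}
```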