Fixes: signed integer overflow: 32 * 538976288 cannot be represented in type 'int' Fixes: 15633/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5752273981931520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/xmv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/xmv.c b/libavformat/xmv.c index 29a32f2547..7f12956458 100644 --- a/libavformat/xmv.c +++ b/libavformat/xmv.c @@ -79,7 +79,7 @@ typedef struct XMVAudioPacket { uint16_t channels; ///< Number of channels. int32_t sample_rate; ///< Sampling rate. uint16_t bits_per_sample; ///< Bits per compressed sample. - uint32_t bit_rate; ///< Bits of compressed data per second. + uint64_t bit_rate; ///< Bits of compressed data per second. uint16_t flags; ///< Flags unsigned block_align; ///< Bytes per compressed block. uint16_t block_samples; ///< Decompressed samples per compressed block. @@ -191,7 +191,7 @@ static int xmv_read_header(AVFormatContext *s) packet->bits_per_sample = avio_rl16(pb); packet->flags = avio_rl16(pb); - packet->bit_rate = packet->bits_per_sample * + packet->bit_rate = (uint64_t)packet->bits_per_sample * packet->sample_rate * packet->channels; packet->block_align = XMV_BLOCK_ALIGN_SIZE * packet->channels; -- 2.22.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
