avformat/cafdec: Check that nb_frasmes fits within 64bit

Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2022-09-17 21:48:43 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2022-10-28 21:04:04 +0200
commit: f534619700a46bc5e5ed7ca1bf01919dc2b74fc8 (patch)
tree: c8d619214bad459876b1a57a60cfb462549f2209
parent: 3503a45d98d4e0d39907ccedc1b271aa0410fcad (diff)
download: ffmpeg-f534619700a46bc5e5ed7ca1bf01919dc2b74fc8.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index 7596611d28..ee46d19bbe 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -335,7 +335,7 @@ static int read_header(AVFormatContext *s)
         return AVERROR_INVALIDDATA;
 
     if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) {
-        if (caf->data_size > 0)
+        if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet < INT64_MAX / caf->frames_per_packet)
             st->nb_frames = (caf->data_size / caf->bytes_per_packet) * caf->frames_per_packet;
     } else if (st->nb_index_entries && st->duration > 0) {
         st->codec->bit_rate = st->codec->sample_rate * caf->data_size * 8 /
author	Michael Niedermayer <michael@niedermayer.cc>	2022-09-17 21:48:43 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2022-10-28 21:04:04 +0200
commit	f534619700a46bc5e5ed7ca1bf01919dc2b74fc8 (patch)
tree	c8d619214bad459876b1a57a60cfb462549f2209
parent	3503a45d98d4e0d39907ccedc1b271aa0410fcad (diff)
download	ffmpeg-f534619700a46bc5e5ed7ca1bf01919dc2b74fc8.tar.gz