authorMichael Niedermayer <michael@niedermayer.cc>2019-06-28 19:20:43 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2020-07-01 12:11:55 +0200
commit0d4df82e2a4a6c9410a9bf22fc386acd6e176d4b (patch)
tree824712e60398ccd8f2b13ed955991945785c11c7
parent9b01f16af85d7be117a589e2a2ead20effe1e0f7 (diff)
avcodec/rv10: Fix integer overflow in aspect ratio compare
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int' Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 14fcf42958608223a0be6558fb6e323419c9fc27) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/rv10.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index 81aa9ae587..9b3083269c 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -388,9 +388,9 @@ static int rv20_decode_picture_header(RVDecContext *rv)
// attempt to keep aspect during typical resolution switches
if (!old_aspect.num)
old_aspect = (AVRational){1, 1};
- if (2 * new_w * s->height == new_h * s->width)
+ if (2 * (int64_t)new_w * s->height == (int64_t)new_h * s->width)
s->avctx->sample_aspect_ratio = av_mul_q(old_aspect, (AVRational){2, 1});
- if (new_w * s->height == 2 * new_h * s->width)
+ if ((int64_t)new_w * s->height == 2 * (int64_t)new_h * s->width)
s->avctx->sample_aspect_ratio = av_mul_q(old_aspect, (AVRational){1, 2});
ret = ff_set_dimensions(s->avctx, new_w, new_h);