diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2019-06-28 19:20:43 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2020-07-01 12:11:55 +0200 |
commit | 0d4df82e2a4a6c9410a9bf22fc386acd6e176d4b (patch) | |
tree | 824712e60398ccd8f2b13ed955991945785c11c7 | |
parent | 9b01f16af85d7be117a589e2a2ead20effe1e0f7 (diff) | |
download | ffmpeg-0d4df82e2a4a6c9410a9bf22fc386acd6e176d4b.tar.gz |
avcodec/rv10: Fix integer overflow in aspect ratio compare
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int'
Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 14fcf42958608223a0be6558fb6e323419c9fc27)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavcodec/rv10.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 81aa9ae587..9b3083269c 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -388,9 +388,9 @@ static int rv20_decode_picture_header(RVDecContext *rv) // attempt to keep aspect during typical resolution switches if (!old_aspect.num) old_aspect = (AVRational){1, 1}; - if (2 * new_w * s->height == new_h * s->width) + if (2 * (int64_t)new_w * s->height == (int64_t)new_h * s->width) s->avctx->sample_aspect_ratio = av_mul_q(old_aspect, (AVRational){2, 1}); - if (new_w * s->height == 2 * new_h * s->width) + if ((int64_t)new_w * s->height == 2 * (int64_t)new_h * s->width) s->avctx->sample_aspect_ratio = av_mul_q(old_aspect, (AVRational){1, 2}); ret = ff_set_dimensions(s->avctx, new_w, new_h); |