avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()

Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int'
Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01bb12f883dccc419317516e093fdc6dfa41bc31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 4 insertions, 1 deletions

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 75e7035b8a..20d9d4ceee 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -1575,7 +1575,10 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
     case AV_CODEC_ID_MP1:          return  384;
     case AV_CODEC_ID_ATRAC1:       return  512;
     case AV_CODEC_ID_ATRAC9:
-    case AV_CODEC_ID_ATRAC3:       return 1024 * framecount;
+    case AV_CODEC_ID_ATRAC3:
+        if (framecount > INT_MAX/1024)
+            return 0;
+        return 1024 * framecount;
     case AV_CODEC_ID_ATRAC3P:      return 2048;
     case AV_CODEC_ID_MP2:
     case AV_CODEC_ID_MUSEPACK7:    return 1152;