avformat/avidec: Fix io_fsize overflow

Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long' Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cf0c700b0c25f5d9fe50dd27086a06812822f11a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-06-22 00:09:05 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-10-17 21:34:53 +0200
commit: 39adb150346f6f27b2ae290977b706f72699e20f (patch)
tree: cec2b7caec671abeed89569a10073372a5b5f4e2
parent: 8fbc110d89bf9213db752fae460717a40726cdcc (diff)
download: ffmpeg-39adb150346f6f27b2ae290977b706f72699e20f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 26ff02bc21..fed74df171 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -442,7 +442,7 @@ static int calculate_bitrate(AVFormatContext *s)
         maxpos = FFMAX(maxpos, st->index_entries[j-1].pos);
         lensum += len;
     }
-    if (maxpos < avi->io_fsize*9/10) // index does not cover the whole file
+    if (maxpos < av_rescale(avi->io_fsize, 9, 10)) // index does not cover the whole file
         return 0;
     if (lensum*9/10 > maxpos || lensum < maxpos*9/10) // frame sum and filesize mismatch
         return 0;
author	Michael Niedermayer <michael@niedermayer.cc>	2020-06-22 00:09:05 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-10-17 21:34:53 +0200
commit	39adb150346f6f27b2ae290977b706f72699e20f (patch)
tree	cec2b7caec671abeed89569a10073372a5b5f4e2
parent	8fbc110d89bf9213db752fae460717a40726cdcc (diff)
download	ffmpeg-39adb150346f6f27b2ae290977b706f72699e20f.tar.gz