diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2022-09-17 21:48:43 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2022-09-24 22:51:39 +0200 |
commit | 77d5cf5e9bdc0d5b84ff2136344fd84cb7d84c16 (patch) | |
tree | d51c1749d8e50b567e428409bdc52945f1cb376c | |
parent | 049b9f44e9a6c480271188f7fa59020d8e09ae5e (diff) | |
download | ffmpeg-77d5cf5e9bdc0d5b84ff2136344fd84cb7d84c16.tar.gz |
avformat/cafdec: Check that nb_frasmes fits within 64bit
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/cafdec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index b9e70ea2fb..3c6d6922a0 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -341,7 +341,7 @@ static int read_header(AVFormatContext *s) return AVERROR_INVALIDDATA; if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) { - if (caf->data_size > 0) + if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet < INT64_MAX / caf->frames_per_packet) st->nb_frames = (caf->data_size / caf->bytes_per_packet) * caf->frames_per_packet; } else if (st->nb_index_entries && st->duration > 0) { if (st->codecpar->sample_rate && caf->data_size / st->duration > INT64_MAX / st->codecpar->sample_rate / 8) { |