aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2023-06-18 21:00:03 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2023-06-23 02:06:45 +0200
commita4bf559683a999c8faa408fdd8f29bd28a6a47ea (patch)
treed7870f9328e8e64c42ba916d24ba7ea3b4ae91b4
parent25ce1c8333337ca27cd0ca54da2179f122a0dc83 (diff)
downloadffmpeg-a4bf559683a999c8faa408fdd8f29bd28a6a47ea.tar.gz
avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int' Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat
-rw-r--r--libavcodec/utils.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index a8514ba6c1..672eb15d98 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -641,9 +641,9 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
if (sr > 0) {
/* calc from sample rate */
if (id == AV_CODEC_ID_TTA)
- return 256 * sr / 245;
+ return 256ll * sr / 245;
else if (id == AV_CODEC_ID_DST)
- return 588 * sr / 44100;
+ return 588ll * sr / 44100;
else if (id == AV_CODEC_ID_BINKAUDIO_DCT) {
if (sr / 22050 > 22)
return 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 05:36:21 +0000