diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2021-01-16 22:20:37 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2021-10-09 22:02:20 +0200 |
| commit | f8a147dfde092f97dbc5d1f6fc5b0052dd602f7d (patch) | |
| tree | 5602567b8e3092a4ff238683136d4e56617411fa /libavformat | |
| parent | af35cb648a365f54f49531ffec44bc98d57ecb9b (diff) | |
| download | ffmpeg-f8a147dfde092f97dbc5d1f6fc5b0052dd602f7d.tar.gz | |
avformat/mvi: Use 64bit for testing dimensions
Fixes: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Fixes: 26910/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-6649291124899840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48fb752767086a48e599f9e86d87096f66cc7590)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavformat')
| -rw-r--r-- | libavformat/mvi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mvi.c b/libavformat/mvi.c index 1e2a08b44c..0b53473671 100644 --- a/libavformat/mvi.c +++ b/libavformat/mvi.c @@ -93,7 +93,7 @@ static int read_header(AVFormatContext *s) vst->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; vst->codecpar->codec_id = AV_CODEC_ID_MOTIONPIXELS; - mvi->get_int = (vst->codecpar->width * vst->codecpar->height < (1 << 16)) ? avio_rl16 : avio_rl24; + mvi->get_int = (vst->codecpar->width * (int64_t)vst->codecpar->height < (1 << 16)) ? avio_rl16 : avio_rl24; mvi->audio_frame_size = ((uint64_t)mvi->audio_data_size << MVI_FRAC_BITS) / frames_count; if (mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1) { |