avcodec/decode: Fix integer overflow in max_samples check

Fixes: signed integer overflow: 1677721600 * 32 cannot be represented in type 'int' Fixes: 18885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5741242185154560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-11-20 21:13:01 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-12-15 01:01:22 +0100
commit: 6b7bcd437e590f1678cd6588dcb335d092a1e048 (patch)
tree: 4462cdfb5d7b102b700aff6336f8cbcb2af38b9c /libavcodec/decode.c
parent: a9cc69c0d59057ea172a107e0308fdf5fd8fc04e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/decode.c b/libavcodec/decode.c
index 0883c7209c..cd275bacc4 100644
--- a/libavcodec/decode.c
+++ b/libavcodec/decode.c
@@ -1925,7 +1925,7 @@ static int get_buffer_internal(AVCodecContext *avctx, AVFrame *frame, int flags)
             return AVERROR(EINVAL);
         }
     } else if (avctx->codec_type == AVMEDIA_TYPE_AUDIO) {
-        if (frame->nb_samples * avctx->channels > avctx->max_samples) {
+        if (frame->nb_samples * (int64_t)avctx->channels > avctx->max_samples) {
             av_log(avctx, AV_LOG_ERROR, "samples per frame %d, exceeds max_samples %"PRId64"\n", frame->nb_samples, avctx->max_samples);
             return AVERROR(EINVAL);
         }
author	Michael Niedermayer <michael@niedermayer.cc>	2019-11-20 21:13:01 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-12-15 01:01:22 +0100
commit	6b7bcd437e590f1678cd6588dcb335d092a1e048 (patch)
tree	4462cdfb5d7b102b700aff6336f8cbcb2af38b9c /libavcodec/decode.c
parent	a9cc69c0d59057ea172a107e0308fdf5fd8fc04e (diff)