summaryrefslogtreecommitdiff
path: root/libavcodec/utils.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2020-10-16 13:30:29 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2020-10-17 14:36:11 +0200
commit01bb12f883dccc419317516e093fdc6dfa41bc31 (patch)
tree52dedcb292ccfd731bcad18aae4a6c4db60530cd /libavcodec/utils.c
parent3fbf8737923ac49754946a2505367630544b87f1 (diff)
avcodec/utils: Check for overflow with ATRAC* in get_audio_frame_duration()
Fixes: signed integer overflow: 1024 * 13129048 cannot be represented in type 'int' Fixes: 26378/clusterfuzz-testcase-minimized-ffmpeg_dem_CODEC2RAW_fuzzer-5634018353348608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/utils.c')
-rw-r--r--libavcodec/utils.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index a43474d437..93ac1cd9f0 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -1614,7 +1614,10 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
case AV_CODEC_ID_MP1: return 384;
case AV_CODEC_ID_ATRAC1: return 512;
case AV_CODEC_ID_ATRAC9:
- case AV_CODEC_ID_ATRAC3: return 1024 * framecount;
+ case AV_CODEC_ID_ATRAC3:
+ if (framecount > INT_MAX/1024)
+ return 0;
+ return 1024 * framecount;
case AV_CODEC_ID_ATRAC3P: return 2048;
case AV_CODEC_ID_MP2:
case AV_CODEC_ID_MUSEPACK7: return 1152;
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-18 18:48:43 +0000