From e6cad01122c6dea0435d042d68a56045a214492d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 1 Apr 2022 12:46:08 +0200 Subject: avformat/matroskadec: avoid integer overflows in SAR computation This ignores >64bit Alternatively we could support that if it occurs in reality Fixes: negation of -9223372036854775808 Fixes: integer overflows Fixes: 46072/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5029840966778880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/matroskadec.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'libavformat') diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index cd30b5f7a4..73ded761fd 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2886,11 +2886,14 @@ static int matroska_parse_tracks(AVFormatContext *s) mkv_stereo_mode_display_mul(track->video.stereo_mode, &display_width_mul, &display_height_mul); if (track->video.display_unit < MATROSKA_VIDEO_DISPLAYUNIT_UNKNOWN) { - av_reduce(&st->sample_aspect_ratio.num, - &st->sample_aspect_ratio.den, - st->codecpar->height * track->video.display_width * display_width_mul, - st->codecpar->width * track->video.display_height * display_height_mul, - INT_MAX); + if (track->video.display_width && track->video.display_height && + st->codecpar->height < INT64_MAX / track->video.display_width / display_width_mul && + st->codecpar->width < INT64_MAX / track->video.display_height / display_height_mul) + av_reduce(&st->sample_aspect_ratio.num, + &st->sample_aspect_ratio.den, + st->codecpar->height * track->video.display_width * display_width_mul, + st->codecpar->width * track->video.display_height * display_height_mul, + INT_MAX); } if (st->codecpar->codec_id != AV_CODEC_ID_HEVC) sti->need_parsing = AVSTREAM_PARSE_HEADERS; -- cgit v1.2.3