avcodec/utils: fix duration computation based on frame_bytes

Fixes: signed integer overflow: 256 * 8396351 cannot be represented in type 'int'
Fixes: 482692578/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-5865521093607424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer 2026-02-22 17:30:32 +01:00
parent 0ddece40c5
commit 6084f07189
No known key found for this signature in database
GPG key ID: B18E8928B3948D64


@ -641,16 +641,16 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
if (frame_bytes > 0) {
/* calc from frame_bytes only */
if (id == AV_CODEC_ID_TRUESPEECH)
return 240 * (frame_bytes / 32);
if (id == AV_CODEC_ID_NELLYMOSER)
return 256 * (frame_bytes / 64);
if (id == AV_CODEC_ID_RA_144)
return 160 * (frame_bytes / 20);
if (id == AV_CODEC_ID_APTX)
return 4 * (frame_bytes / 4);
if (id == AV_CODEC_ID_APTX_HD)
return 4 * (frame_bytes / 6);
int64_t d = INT64_MIN;
switch(id) {
case AV_CODEC_ID_TRUESPEECH : d = 240LL * (frame_bytes / 32); break;
case AV_CODEC_ID_NELLYMOSER : d = 256LL * (frame_bytes / 64); break;
case AV_CODEC_ID_RA_144 : d = 160LL * (frame_bytes / 20); break;
case AV_CODEC_ID_APTX : d = 4LL * (frame_bytes / 4); break;
case AV_CODEC_ID_APTX_HD : d = 4LL * (frame_bytes / 6); break;
}
if (d > INT64_MIN)
return ((int)d == d && d > 0) ? d : 0;
if (bps > 0) {
/* calc from frame_bytes and bits_per_coded_sample */
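Review bot: The `INT64_MIN` sentinel and the overflow-to-zero return in the new `switch` block are undocumented, so a reader has to work out that `d > INT64_MIN` means "the codec was in the table" and that `((int)d == d && d > 0) ? d : 0` turns any product that does not fit a positive `int` into 0. A comment above `int64_t d = INT64_MIN;` would cover it, for example `/* d stays INT64_MIN for codecs not listed below; a result that does not fit a positive int is returned as 0 */`. The `switch` over `enum AVCodecID` also has no `default:`, and adding `default: break;` would make the fall-through to the sentinel explicit. The body of get_audio_frame_duration starts and continues outside the hunk, so whether the `bps > 0` branch that follows still multiplies `frame_bytes` in plain `int` cannot be checked from here and is worth a look in the same pass.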