summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2022-09-17 21:48:43 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2022-09-25 13:52:00 +0200
commite7d1caf41f6e514f7b0a9c4c36b347e83b3468f4 (patch)
tree52a6f3c032f65a111de3bb63d2a925f74144b3b8
parentc44ce5d8043a3b24f0deefa0c593637302f43188 (diff)
downloadffmpeg-e7d1caf41f6e514f7b0a9c4c36b347e83b3468f4.tar.gz
avformat/cafdec: Check that nb_frasmes fits within 64bit
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavformat/cafdec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index d18c3fce75..1842c3c0ae 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -342,7 +342,7 @@ static int read_header(AVFormatContext *s)
found_data:
if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) {
- if (caf->data_size > 0)
+ if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet < INT64_MAX / caf->frames_per_packet)
st->nb_frames = (caf->data_size / caf->bytes_per_packet) * caf->frames_per_packet;
} else if (st->nb_index_entries && st->duration > 0) {
if (st->codecpar->sample_rate && caf->data_size / st->duration > INT64_MAX / st->codecpar->sample_rate / 8) {