avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()

Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int' Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2021-03-17 23:39:04 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-03-26 16:00:14 +0100
commit: d35677736a59ec6579b4da63d9b1444986ba339e (patch)
tree: 514c0850eeec5fa69e87f02e3b9aa1d075c11457 /libavformat
parent: e8bd34fe4fc05700b19c3915ff9768c8072309c4 (diff)
download: ffmpeg-d35677736a59ec6579b4da63d9b1444986ba339e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index aef5517c2c..b90cec7173 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2263,7 +2263,7 @@ static void mov_parse_stsd_audio(MOVContext *c, AVIOContext *pb,
     }
 
     bits_per_sample = av_get_bits_per_sample(st->codecpar->codec_id);
-    if (bits_per_sample) {
+    if (bits_per_sample && (bits_per_sample >> 3) * (uint64_t)st->codecpar->channels <= INT_MAX) {
         st->codecpar->bits_per_coded_sample = bits_per_sample;
         sc->sample_size = (bits_per_sample >> 3) * st->codecpar->channels;
     }
author	Michael Niedermayer <michael@niedermayer.cc>	2021-03-17 23:39:04 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-03-26 16:00:14 +0100
commit	d35677736a59ec6579b4da63d9b1444986ba339e (patch)
tree	514c0850eeec5fa69e87f02e3b9aa1d075c11457 /libavformat
parent	e8bd34fe4fc05700b19c3915ff9768c8072309c4 (diff)
download	ffmpeg-d35677736a59ec6579b4da63d9b1444986ba339e.tar.gz