Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/alsdec: Fix integer overflow with buffer number

Browse Source 
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/316/head
Michael Niedermayer 5 years ago
parent 7f527021df
commit 5f64f6058e
1 changed files with 2 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavcodec/alsdec.c

2
libavcodec/alsdec.c
Unescape View File

@ -1993,6 +1993,8 @@ static av_cold int decode_init(AVCodecContext *avctx)
// allocate quantized parcor coefficient buffer
num_buffers = sconf->mc_coding ? avctx->channels : 1;
if (num_buffers * (uint64_t)num_buffers > INT_MAX) // protect chan_data_buffer allocation
return AVERROR_INVALIDDATA;
ctx->quant_cof = av_malloc_array(num_buffers, sizeof(*ctx->quant_cof));
ctx->lpc_cof = av_malloc_array(num_buffers, sizeof(*ctx->lpc_cof));

Write Preview
Loading…
Cancel
Save