Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/wvdec: Check rate for overflow

Browse Source 
Fixes: signed integer overflow: 6000 * -2147483648 cannot be represented in type 'int'
Fixes: 25700/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6578316302352384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/352/head
Michael Niedermayer 4 years ago
parent 1aee02c7c1
commit 688c1175ba
1 changed files with 3 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      libavformat/wvdec.c

5
libavformat/wvdec.c
Unescape View File

@ -79,8 +79,9 @@ static int wv_read_block_header(AVFormatContext *ctx, AVIOContext *pb)
{
WVContext *wc = ctx->priv_data;
int ret;
int rate, rate_x, bpp, chan;
int rate, bpp, chan;
uint32_t chmask, flags;
unsigned rate_x;
wc->pos = avio_tell(pb);
@ -192,7 +193,7 @@ static int wv_read_block_header(AVFormatContext *ctx, AVIOContext *pb)
if (id & 0x40)
avio_skip(pb, 1);
}
if (rate == -1) {
if (rate == -1 || rate * (uint64_t)rate_x >= INT_MAX) {
av_log(ctx, AV_LOG_ERROR,
"Cannot determine custom sampling rate\n");
return AVERROR_INVALIDDATA;

Write Preview
Loading…
Cancel
Save