[FFmpeg-cvslog] avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'

Michael Niedermayer git at videolan.org
Mon Feb 20 02:17:49 EET 2017


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sun Feb 19 23:37:53 2017 +0100| [c11d3634b07b4aa71f75478aa1bcb63b0c22e030] | committer: Michael Niedermayer

avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'

Fixes: 617/clusterfuzz-testcase-6413875723370496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c11d3634b07b4aa71f75478aa1bcb63b0c22e030
---

 libavcodec/srtdec.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/srtdec.c b/libavcodec/srtdec.c
index 30930c8..862ab47 100644
--- a/libavcodec/srtdec.c
+++ b/libavcodec/srtdec.c
@@ -38,13 +38,13 @@ static void srt_to_ass(AVCodecContext *avctx, AVBPrint *dst,
             /* text rectangle defined, write the text at the center of the rectangle */
             const int cx = x1 + (x2 - x1)/2;
             const int cy = y1 + (y2 - y1)/2;
-            const int scaled_x = cx * ASS_DEFAULT_PLAYRESX / 720;
-            const int scaled_y = cy * ASS_DEFAULT_PLAYRESY / 480;
+            const int scaled_x = cx * (int64_t)ASS_DEFAULT_PLAYRESX / 720;
+            const int scaled_y = cy * (int64_t)ASS_DEFAULT_PLAYRESY / 480;
             av_bprintf(dst, "{\\an5}{\\pos(%d,%d)}", scaled_x, scaled_y);
         } else {
             /* only the top left corner, assume the text starts in that corner */
-            const int scaled_x = x1 * ASS_DEFAULT_PLAYRESX / 720;
-            const int scaled_y = y1 * ASS_DEFAULT_PLAYRESY / 480;
+            const int scaled_x = x1 * (int64_t)ASS_DEFAULT_PLAYRESX / 720;
+            const int scaled_y = y1 * (int64_t)ASS_DEFAULT_PLAYRESY / 480;
             av_bprintf(dst, "{\\an1}{\\pos(%d,%d)}", scaled_x, scaled_y);
         }
     }



More information about the ffmpeg-cvslog mailing list