[FFmpeg-devel] [PATCH] Fix signed integer overflow undefined behavior

Michael Niedermayer michael at niedermayer.cc
Sat Jan 20 01:00:46 EET 2018


On Fri, Jan 19, 2018 at 02:48:08PM -0800, Nikolas Bowe wrote:
> Found via fuzzing
> ---
>  libavformat/rpl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/rpl.c b/libavformat/rpl.c
> index d373600478..df449bfc29 100644
> --- a/libavformat/rpl.c
> +++ b/libavformat/rpl.c
> @@ -194,7 +194,7 @@ static int rpl_read_header(AVFormatContext *s)
>          if (ast->codecpar->bits_per_coded_sample == 0)
>              ast->codecpar->bits_per_coded_sample = 4;
>  
> -        ast->codecpar->bit_rate = ast->codecpar->sample_rate *
> +        ast->codecpar->bit_rate = (uint64_t)ast->codecpar->sample_rate *
>                                    ast->codecpar->bits_per_coded_sample *
>                                    ast->codecpar->channels;
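Review bot: on the added line the first operand is cast to `uint64_t`, but the product is stored in `bit_rate`, which the reply below points out is `int64_t`; cast to `(int64_t)` instead so the multiplication is carried out in the destination's own signed 64-bit type and nothing is converted from unsigned to signed on assignment. Widening the first operand only moves the limit: if `sample_rate`, `bits_per_coded_sample` and `channels` are not range-checked earlier in `rpl_read_header`, the product of three file-controlled factors can still be out of range or negative, so it is worth rejecting such values before the multiplication rather than relying on the cast alone.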

uint64_t is the wrong type, bit_rate is int64_t

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates