[FFmpeg-devel] [PATCH 6/7] avcodec/utils: USe 64bit in get_audio_frame_duration() for ADPCM_DTK

[Michael Niedermayer]

On Sat, Nov 14, 2020 at 11:17:52AM +0100, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2020-11-04 01:06:48)
> > Fixes: signed integer overflow: 131203586 * 28 cannot be represented in type 'int'
> > Fixes: 26817/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6296902548848640
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/utils.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> > index 110496cc44..82506ea69c 100644
> > --- a/libavcodec/utils.c
> > +++ b/libavcodec/utils.c
> > @@ -1687,7 +1687,7 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
> >                  return frame_bytes / (9 * ch) * 16;
> >              case AV_CODEC_ID_ADPCM_PSX:
> >              case AV_CODEC_ID_ADPCM_DTK:
> > -                return frame_bytes / (16 * ch) * 28;
> > +                return frame_bytes / ((int64_t)16 * ch) * 28;
> 
> This assumes int is strictly smaller than int64. Why not just test
> whether 16 * ch fits in an int and return zero if it does not?

ill apply something that shouldnt depend on int sizeof

thx
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20210123/5b9aa22a/attachment.sig>