RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/rpl: check channels 

Fixes: 42537199/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5447162658357248
Fixes: runtime error: signed integer overflow: -3330498059201358222 * 4 cannot be represented in type 'int64_t' (aka 'long')

Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2024-11-03 20:08:07 +01:00
parent b16102ab1c
commit beca13a42e
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/rpl.c
View File

@ -205,6 +205,8 @@ static int rpl_read_header(AVFormatContext *s)
if (ast->codecpar->sample_rate < 0) if (ast->codecpar->sample_rate < 0)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
channels = read_line_and_int(pb, &error); // number of audio channels channels = read_line_and_int(pb, &error); // number of audio channels
if (channels <= 0)
return AVERROR_INVALIDDATA;
error |= read_line(pb, line, sizeof(line)); error |= read_line(pb, line, sizeof(line));
ast->codecpar->bits_per_coded_sample = read_int(line, &endptr, &error); // audio bits per sample ast->codecpar->bits_per_coded_sample = read_int(line, &endptr, &error); // audio bits per sample
av_strlcpy(audio_type, endptr, RPL_LINE_LENGTH); av_strlcpy(audio_type, endptr, RPL_LINE_LENGTH);