packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ffmpeg/backport-CVE-2024-36616.patch
李宁杰 cf581fa7db fix CVE-2024-35368 CVE-2024-36616 
(cherry picked from commit 1c70296ee875b695c8bc39d055c0e1112d53e0c0)
2024-12-05 17:21:27 +08:00

30 lines
1.2 KiB
Diff
Raw Permalink Blame History

From 86f73277bf014e2ce36dd2594f1e0fb8b3bd6661 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 26 Mar 2024 01:00:13 +0100
Subject: [PATCH] avformat/westwood_vqa: Fix 2g packets
Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/westwood_vqa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/westwood_vqa.c b/libavformat/westwood_vqa.c
index 954710a6f0..3a31e3f5e8 100644
--- a/libavformat/westwood_vqa.c
+++ b/libavformat/westwood_vqa.c
@@ -262,7 +262,7 @@ static int wsvqa_read_packet(AVFormatContext *s,
break;
case SND2_TAG:
/* 2 samples/byte, 1 or 2 samples per frame depending on stereo */
- pkt->duration = (chunk_size * 2) / wsvqa->channels;
+ pkt->duration = (chunk_size * 2LL) / wsvqa->channels;
break;
}
break;
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink