xenia-project/FFmpeg
1
0
Fork 0
mirror of https://github.com/xenia-project/FFmpeg.git synced 2024-11-28 22:10:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

avcodec/alsdec: Fix integer overflow with buffer number

Browse Source 
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5738074249625600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-06-21 00:47:17 +02:00
parent 7f527021df
commit 5f64f6058e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/alsdec.c
View File

@ -1993,6 +1993,8 @@ static av_cold int decode_init(AVCodecContext *avctx)
// allocate quantized parcor coefficient buffer
num_buffers = sconf->mc_coding ? avctx->channels : 1;
if (num_buffers * (uint64_t)num_buffers > INT_MAX) // protect chan_data_buffer allocation
return AVERROR_INVALIDDATA;
ctx->quant_cof = av_malloc_array(num_buffers, sizeof(*ctx->quant_cof));
ctx->lpc_cof = av_malloc_array(num_buffers, sizeof(*ctx->lpc_cof));