opensource/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-05-17 06:58:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

avformat/matroskadec: check that channels fit in signed 32bit int

Browse Source 
Fixes: signed integer overflow: -1384566925600903168 * 16 cannot be represented in type 'long'
Fixes: 407069502/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-5159255372267520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2025-05-11 23:18:19 +02:00
parent 8e6db875af
commit 05f8c8c4c2
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/matroskadec.c
View File

@ -2842,6 +2842,8 @@ static int mka_parse_audio(MatroskaTrack *track, AVStream *st,
par->sample_rate = track->audio.out_samplerate;
// channel layout may be already set by codec private checks above
if (!av_channel_layout_check(&par->ch_layout)) {
if (track->audio.channels > INT32_MAX)
return AVERROR_PATCHWELCOME;
par->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
par->ch_layout.nb_channels = track->audio.channels;
}