On Sat, Sep 17, 2022 at 04:45:28PM +0200, Paul B Mahol wrote:
> On 9/17/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in
> > type 'int'
> > Fixes:
> > 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/aiffdec.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
> > index 318e3ad742e..80733e58010 100644
> > --- a/libavformat/aiffdec.c
> > +++ b/libavformat/aiffdec.c
> > @@ -428,7 +428,7 @@ static int aiff_read_packet(AVFormatContext *s,
> >          pkt->flags &= ~AV_PKT_FLAG_CORRUPT;
> >      /* Only one stream in an AIFF file */
> >      pkt->stream_index = 0;
> > -    pkt->duration     = (res / st->codecpar->block_align) *
> > aiff->block_duration;
> > +    pkt->duration     = (res / st->codecpar->block_align) * (int64_t)
> > aiff->block_duration;
> >      return 0;
> >  }
> 
> LGTM

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Frequently ignored answer#1 FFmpeg bugs should be sent to our bugtracker. User
questions about the command line tools should be sent to the ffmpeg-user ML.
And questions about how to use libav* should be sent to the libav-user ML.