From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 613744576A
	for <ffmpegdev@gitmailbox.com>; Mon, 20 Feb 2023 19:29:51 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8B5B168C094;
	Mon, 20 Feb 2023 21:29:41 +0200 (EET)
Received: from relay10.mail.gandi.net (relay10.mail.gandi.net [217.70.178.230])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6053E68BFEC
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Feb 2023 21:29:34 +0200 (EET)
Received: (Authenticated sender: michael@niedermayer.cc)
 by mail.gandi.net (Postfix) with ESMTPSA id 7DCC0240002
 for <ffmpeg-devel@ffmpeg.org>; Mon, 20 Feb 2023 19:29:33 +0000 (UTC)
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Mon, 20 Feb 2023 20:29:25 +0100
Message-Id: <20230220192929.4493-2-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20230220192929.4493-1-michael@niedermayer.cc>
References: <20230220192929.4493-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/6] avformat/rka: Fix 1/0 with bps=1
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20230220192929.4493-2-michael@niedermayer.cc/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Fixes: division by zero
Fixes: 55940/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6333107679920128

The decoder does not support bps=1 and i have no such sample so it is not
known if this duration is correct. Alternatively we could error out on all
bps we currently do not support on the decoder side or not set duration.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/rka.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/rka.c b/libavformat/rka.c
index cc55480345..39e5b3bce1 100644
--- a/libavformat/rka.c
+++ b/libavformat/rka.c
@@ -114,7 +114,7 @@ static int rka_read_header(AVFormatContext *s)
     par->ch_layout.nb_channels = channels;
     par->sample_rate = samplerate;
     par->bits_per_raw_sample = bps;
-    st->duration = nb_samples / (channels * (bps >> 3));
+    st->duration = 8LL*nb_samples / (channels * bps);
 
     if (s->pb->seekable & AVIO_SEEKABLE_NORMAL)
         ff_ape_parse_tag(s);
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".