avcodec/eamad: Fix runtime error: signed integer overflow: 49674 * 49858 cannot be...
authorMichael Niedermayer <michael@niedermayer.cc>
Sun, 7 May 2017 13:42:17 +0000 (15:42 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 20 May 2017 01:41:33 +0000 (03:41 +0200)
Fixes: 1394/clusterfuzz-testcase-minimized-6493376885030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ac1c87194a67e6104a3d241a4dd1ca0808784bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/eamad.c

index 4e202f9..0525394 100644 (file)
@@ -284,7 +284,7 @@ static int decode_frame(AVCodecContext *avctx,
 
     if (avctx->width != width || avctx->height != height) {
         av_frame_unref(s->last_frame);
-        if((width * height)/2048*7 > bytestream2_get_bytes_left(&gb))
+        if((width * (int64_t)height)/2048*7 > bytestream2_get_bytes_left(&gb))
             return AVERROR_INVALIDDATA;
         if ((ret = ff_set_dimensions(avctx, width, height)) < 0)
             return ret;