Overview

File ffmpeg-CVE-2024-36613.patch of Package ffmpeg.38336

commit 50d8e4f27398fd5778485a827d7a2817921f8540 (20240526_CVE-2024-36613_50d8e4f27398fd5778485a827d7a2817921f8540_n7.0_bsc#1235092)
Author: Michael Niedermayer <michael@niedermayer.cc>
Date:   Sat Sep 30 00:51:29 2023 +0200

    avformat/dxa: Adjust order of operations around block align
    
    Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
    Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
@@ -120,7 +120,7 @@
         }
         c->bpc = (fsize + c->frames - 1) / c->frames;
         if(ast->codecpar->block_align)
-            c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / ast->codecpar->block_align) * ast->codecpar->block_align;
+            c->bpc = ((c->bpc - 1 + ast->codecpar->block_align) / ast->codecpar->block_align) * ast->codecpar->block_align;
         c->bytes_left = fsize;
         c->wavpos = avio_tell(pb);
         avio_seek(pb, c->vidpos, SEEK_SET);
openSUSE Build Service is sponsored by
Places