From d468da8d7960e1d08a6fbf6189a4f6d67e9dfee3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 9 Nov 2019 21:08:58 +0100
Subject: [PATCH] avcodec/g729dec: Check for KELVIN && 6k4

This combination would assume different block sizes throughout the code so its
better to error out.

Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int'
Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/g729dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c
index 16869e0df8..eafac8a023 100644
--- a/libavcodec/g729dec.c
+++ b/libavcodec/g729dec.c
@@ -434,7 +434,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr,
         ctx->onset = 0;
         ctx->voice_decision = DECISION_VOICE;
         av_log(avctx, AV_LOG_DEBUG, "Packet type: %s\n", "G.729 @ 8kbit/s");
-    } else if (buf_size == G729D_6K4_BLOCK_SIZE * avctx->channels) {
+    } else if (buf_size == G729D_6K4_BLOCK_SIZE * avctx->channels && avctx->codec_id != AV_CODEC_ID_ACELP_KELVIN) {
         packet_type = FORMAT_G729D_6K4;
         format = &format_g729d_6k4;
         av_log(avctx, AV_LOG_DEBUG, "Packet type: %s\n", "G.729D @ 6.4kbit/s");