This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new fd5023053a avcodec/hevc/refs: Check multiplication in alloc_frame()
fd5023053a is described below
commit fd5023053afb86d3abbc26197aeb38e4dfde20f1
Author: Niels Provos <[email protected]>
AuthorDate: Fri May 1 19:48:16 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Sun May 3 13:19:35 2026 +0000
avcodec/hevc/refs: Check multiplication in alloc_frame()
Fixes: integer overflow on 32bit
---
libavcodec/hevc/refs.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/hevc/refs.c b/libavcodec/hevc/refs.c
index ccf7258ec4..1faede4e3d 100644
--- a/libavcodec/hevc/refs.c
+++ b/libavcodec/hevc/refs.c
@@ -162,7 +162,10 @@ static HEVCFrame *alloc_frame(HEVCContext *s,
HEVCLayerContext *l)
if (ret < 0)
goto fail;
- frame->rpl = av_refstruct_allocz(s->pkt.nb_nals * sizeof(*frame->rpl));
+ size_t rpl_bytes;
+ if (av_size_mult(s->pkt.nb_nals, sizeof(*frame->rpl), &rpl_bytes) < 0)
+ goto fail;
+ frame->rpl = av_refstruct_allocz(rpl_bytes);
if (!frame->rpl)
goto fail;
frame->nb_rpl_elems = s->pkt.nb_nals;
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
