This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new f47ca0a5e6 avformat/matroskadec: Check audio.sub_packet_h * audio.frame_size
f47ca0a5e6 is described below
commit f47ca0a5e6afe9ed3dbd8080220f741983fecb20
Author: Michael Niedermayer <[email protected]>
AuthorDate: Thu Mar 12 23:25:17 2026 +0100
Commit: michaelni <[email protected]>
CommitDate: Sun May 3 14:39:45 2026 +0000
avformat/matroskadec: Check audio.sub_packet_h * audio.frame_size
Fixes: out of array access
Fixes: poc_matroska.mkv
This issue requires manually increasing the malloc limit
(-max_alloc 4294967296)
Found-by: Guanni Qu <[email protected]>
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavformat/matroskadec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index e8bae1eb64..bc584abc75 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2785,6 +2785,10 @@ static int mka_parse_audio_codec(MatroskaTrack *track,
AVCodecParameters *par,
par->block_align = track->audio.sub_packet_size;
*extradata_offset = 78;
}
+ if (par->block_align <= 0 ||
+ track->audio.sub_packet_h * (unsigned)track->audio.frame_size >
INT_MAX ||
+ track->audio.frame_size * track->audio.sub_packet_h <
par->block_align)
+ return AVERROR_INVALIDDATA;
track->audio.buf = av_malloc_array(track->audio.sub_packet_h,
track->audio.frame_size);
if (!track->audio.buf)
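Review bot: The overflow test in the second added condition, `track->audio.sub_packet_h * (unsigned)track->audio.frame_size > INT_MAX`, multiplies in unsigned arithmetic, which wraps modulo UINT_MAX+1 rather than overflowing. If both fields can hold values as wide as int, a product large enough to wrap can come out below INT_MAX and pass the check. Widening before the multiply, for example `(int64_t)track->audio.sub_packet_h * track->audio.frame_size > INT_MAX`, makes the bound exact for any pair of int-sized operands. The third condition then repeats the product without the cast and with the operands swapped; computing the product once into a 64-bit local and comparing it against both INT_MAX and `par->block_align` would keep the two tests consistent and avoid a second multiply on values that have only been validated indirectly. Neither factor is tested for being negative in the lines shown; if these fields are signed, an explicit `<= 0` test on each, as is done for `par->block_align`, would be clearer than relying on the unsigned cast. A one-line comment stating why the buffer passed to av_malloc_array() must hold at least `block_align` bytes would help the next reader.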