This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.1 in repository ffmpeg.
commit 874f26fe96578488cef81dbf457503fca7de42cf Author: Niels Provos <[email protected]> AuthorDate: Fri May 1 19:48:16 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun May 3 19:24:57 2026 +0200 avcodec/hevc/refs: Check multiplication in alloc_frame() Fixes: integer overflow on 32bit (cherry picked from commit fd5023053afb86d3abbc26197aeb38e4dfde20f1) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/hevc/refs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc/refs.c b/libavcodec/hevc/refs.c index ccf7258ec4..1faede4e3d 100644 --- a/libavcodec/hevc/refs.c +++ b/libavcodec/hevc/refs.c @@ -162,7 +162,10 @@ static HEVCFrame *alloc_frame(HEVCContext *s, HEVCLayerContext *l) if (ret < 0) goto fail; - frame->rpl = av_refstruct_allocz(s->pkt.nb_nals * sizeof(*frame->rpl)); + size_t rpl_bytes; + if (av_size_mult(s->pkt.nb_nals, sizeof(*frame->rpl), &rpl_bytes) < 0) + goto fail; + frame->rpl = av_refstruct_allocz(rpl_bytes); if (!frame->rpl) goto fail; frame->nb_rpl_elems = s->pkt.nb_nals; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
