This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit 556ab92d1af7241db08653b1b70a2645dbb3e1ad Author: Michael Niedermayer <[email protected]> AuthorDate: Sat Feb 14 01:39:22 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 15:57:10 2026 +0200 avformat/icodec: Check size Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int' Fixes: 471688026/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5616495813263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 237d03717fc61331483a073a3f077f1dcb5b065b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/icodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/icodec.c b/libavformat/icodec.c index b09d0060a6..4eddc8fa3c 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -113,7 +113,7 @@ static int read_header(AVFormatContext *s) avio_skip(pb, 5); ico->images[i].size = avio_rl32(pb); - if (ico->images[i].size <= 0) { + if (ico->images[i].size <= 0 || ico->images[i].size > INT_MAX - 14) { av_log(s, AV_LOG_ERROR, "Invalid image size %d\n", ico->images[i].size); return AVERROR_INVALIDDATA; } _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
