This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit 758580356281a0a666198a9380211933977ba8e3 Author: Niels Provos <[email protected]> AuthorDate: Fri May 1 19:48:16 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 15:57:30 2026 +0200 avcodec/hevc/refs: Check multiplication in alloc_frame() Fixes: integer overflow on 32bit (cherry picked from commit fd5023053afb86d3abbc26197aeb38e4dfde20f1) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/hevc/refs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc/refs.c b/libavcodec/hevc/refs.c index 6ba667e9f5..19bd8886d6 100644 --- a/libavcodec/hevc/refs.c +++ b/libavcodec/hevc/refs.c @@ -135,7 +135,10 @@ static HEVCFrame *alloc_frame(HEVCContext *s, HEVCLayerContext *l) if (ret < 0) return NULL; - frame->rpl = ff_refstruct_allocz(s->pkt.nb_nals * sizeof(*frame->rpl)); + size_t rpl_bytes; + if (av_size_mult(s->pkt.nb_nals, sizeof(*frame->rpl), &rpl_bytes) < 0) + goto fail; + frame->rpl = ff_refstruct_allocz(rpl_bytes); if (!frame->rpl) goto fail; frame->nb_rpl_elems = s->pkt.nb_nals; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
