This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit 56becfd6d59f89e1a9954c58f0d00e2e80c749ed Author: Michael Niedermayer <[email protected]> AuthorDate: Sat Feb 14 01:39:22 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:20 2026 +0200 avformat/icodec: Check size Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int' Fixes: 471688026/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5616495813263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 237d03717fc61331483a073a3f077f1dcb5b065b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/icodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/icodec.c b/libavformat/icodec.c index ae1436397a..bbaa5988e7 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -111,7 +111,7 @@ static int read_header(AVFormatContext *s) avio_skip(pb, 5); ico->images[i].size = avio_rl32(pb); - if (ico->images[i].size <= 0) { + if (ico->images[i].size <= 0 || ico->images[i].size > INT_MAX - 14) { av_log(s, AV_LOG_ERROR, "Invalid image size %d\n", ico->images[i].size); return AVERROR_INVALIDDATA; } _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
