This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit af4212d0009d1315d86385a900eb55504176ef43 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Apr 8 11:17:47 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:35 2026 +0200 avcodec/tdsc: Check tile_size Fixes: out of array read Fixes: tdsc_war_groom_far4096.avi Found by: Ante Silovic <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit e9e6fb879835a4016b433ad2c4a224f62c686de3) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/tdsc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/tdsc.c b/libavcodec/tdsc.c index 739738d9b1..f8d17b64cd 100644 --- a/libavcodec/tdsc.c +++ b/libavcodec/tdsc.c @@ -437,6 +437,9 @@ static int tdsc_decode_tiles(AVCodecContext *avctx, int number_tiles) if (ret < 0) return ret; } else if (tile_mode == MKTAG(' ','W','A','R')) { + if (3LL * w * h > tile_size) + return AVERROR_INVALIDDATA; + /* Just copy the buffer to output */ av_image_copy_plane(ctx->refframe->data[0] + x * 3 + ctx->refframe->linesize[0] * y, _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
