This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit 024b4f4141e25dc5c99b1fc8f5403f0b412f0a0b Author: Michael Niedermayer <[email protected]> AuthorDate: Sat May 2 23:35:49 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:40 2026 +0200 avformat/avidec: check LIST size in avi_load_index() This avoids an unsigned integer underflow and passing that large value to ff_read_riff_info() (cherry picked from commit 2678bce860877ac95423e63f7858dbb96d3e255b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/avidec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index b00306709c..ccbe04d923 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1823,6 +1823,10 @@ static int avi_load_index(AVFormatContext *s) avi->index_loaded=2; ret = 0; }else if (tag == MKTAG('L', 'I', 'S', 'T')) { + if (size < 4) { + av_log(s, AV_LOG_WARNING, "Invalid size (%u) LIST in index\n", size); + break; + } uint32_t tag1 = avio_rl32(pb); if (tag1 == MKTAG('I', 'N', 'F', 'O')) _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
