This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/5.1 in repository ffmpeg.
commit 0b1b1763615960b7a81949d83f8ea8242ce5dda6 Author: Michael Niedermayer <[email protected]> AuthorDate: Fri Feb 6 22:37:53 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 15:21:05 2026 +0200 avcodec/mdec: Check input space vs minimal block size Fixes: Timeout Fixes: 481006706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MDEC_fuzzer-6122832651419648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 40cafc25cfc435e91ff3862cd9489573f6a38dc1) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/mdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mdec.c b/libavcodec/mdec.c index deabebda62..d71c7f68fc 100644 --- a/libavcodec/mdec.c +++ b/libavcodec/mdec.c @@ -175,6 +175,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame, int buf_size = avpkt->size; int ret; + if (a->mb_width * a->mb_height * 3 > buf_size) + return AVERROR_INVALIDDATA; + if ((ret = ff_thread_get_buffer(avctx, frame, 0)) < 0) return ret; frame->pict_type = AV_PICTURE_TYPE_I; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
