This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/5.1 in repository ffmpeg.
commit 314477fd32c977a06f65f764a9cbfab48942366b Author: Michael Niedermayer <[email protected]> AuthorDate: Tue Feb 10 18:42:07 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 15:21:15 2026 +0200 avcodec/svq1dec: Check input space for minimum We reject inputs that are significantly smaller than the smallest frame. This check raises the minimum input needed before time consuming computations are performed it thus improves the computation per input byte and reduces the potential DoS impact Fixes: Timeout Fixes: 472769364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ1_DEC_fuzzer-5519737145851904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit d538a71ad52404662d986ec9921b6bc53d353e7f) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/svq1dec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 6fb50575bf..dec7fd96f8 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -680,6 +680,11 @@ static int svq1_decode_frame(AVCodecContext *avctx, AVFrame *cur, avctx->skip_frame >= AVDISCARD_ALL) return buf_size; + // Reject obviously too-small packets early: require at least one remaining bit per aligned luma macroblock. + // FFALIGN(s->width, 16) * FFALIGN(s->height, 16) / 256 represent the number of Macroblocks + if (get_bits_left(&s->gb) < FFALIGN(s->width, 16) * FFALIGN(s->height, 16) / 256) + return AVERROR_INVALIDDATA; + result = ff_get_buffer(avctx, cur, s->nonref ? 0 : AV_GET_BUFFER_FLAG_REF); if (result < 0) return result; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
