This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/5.1 in repository ffmpeg.
commit fcb88486d0fb9c4e23f41e5f1f18c30e71831d71 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Apr 8 12:23:16 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 15:21:17 2026 +0200 avcodec/tdsc: Check jpeg size Fixes: out of array read Fixes: tdsc_tile_dim_mismatch.avi Found-by: Ante Silovic <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit bb69a090a7cad34e21c645c8bcedbdd4ed92db5b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/tdsc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/tdsc.c b/libavcodec/tdsc.c index 974b62a08b..98758d78e5 100644 --- a/libavcodec/tdsc.c +++ b/libavcodec/tdsc.c @@ -360,7 +360,8 @@ static int tdsc_decode_jpeg_tile(AVCodecContext *avctx, int tile_size, } ret = avcodec_receive_frame(ctx->jpeg_avctx, ctx->jpgframe); - if (ret < 0 || ctx->jpgframe->format != AV_PIX_FMT_YUVJ420P) { + if (ret < 0 || ctx->jpgframe->format != AV_PIX_FMT_YUVJ420P || + w > ctx->jpgframe->width || h > ctx->jpgframe->height) { av_log(avctx, AV_LOG_ERROR, "JPEG decoding error (%d).\n", ret); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
