This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/5.1 in repository ffmpeg.
commit d6e4e951c77927a0add52f55f4451136c34b489c Author: Michael Niedermayer <[email protected]> AuthorDate: Fri May 1 21:33:25 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 16:03:30 2026 +0200 avcodec/dfpwmdec: Check nb_samples Fixes: integer overflow Found-by: Dhiraj Mishra <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 118bddf0ce42cc0b6b70ca35860b02dc9b891e70) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/dfpwmdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/dfpwmdec.c b/libavcodec/dfpwmdec.c index d013d4c215..ad6fdf641e 100644 --- a/libavcodec/dfpwmdec.c +++ b/libavcodec/dfpwmdec.c @@ -106,15 +106,16 @@ static int dfpwm_dec_frame(struct AVCodecContext *ctx, AVFrame *frame, { DFPWMState *state = ctx->priv_data; int ret; + uint64_t nb_samples = packet->size * 8LL / ctx->ch_layout.nb_channels; if (packet->size * 8LL % ctx->ch_layout.nb_channels) return AVERROR_PATCHWELCOME; - frame->nb_samples = packet->size * 8LL / ctx->ch_layout.nb_channels; - if (frame->nb_samples <= 0) { + if (nb_samples > INT_MAX || !nb_samples) { av_log(ctx, AV_LOG_ERROR, "invalid number of samples in packet\n"); return AVERROR_INVALIDDATA; } + frame->nb_samples = nb_samples; if ((ret = ff_get_buffer(ctx, frame, 0)) < 0) return ret; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
