This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new 8f1769703c avformat/mxfdec: zero-init Sony MPEG-4 extradata and add
padding
8f1769703c is described below
commit 8f1769703c62c808e88c358de6496ed2a7fbce2e
Author: Michael Niedermayer <[email protected]>
AuthorDate: Thu May 21 06:28:15 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Mon May 25 01:34:28 2026 +0000
avformat/mxfdec: zero-init Sony MPEG-4 extradata and add padding
Found-by: Calm (AI security-research agent, for John Bradley / Credex)
---
libavformat/mxfdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index a5a8417487..58ea0bbca5 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -1438,12 +1438,12 @@ static int mxf_read_generic_descriptor(void *arg,
AVIOContext *pb, int tag, int
break;
default:
/* Private uid used by SONY C0023S01.mxf */
- if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) {
+ if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata) && size <= INT_MAX -
AV_INPUT_BUFFER_PADDING_SIZE) {
if (descriptor->extradata)
av_log(NULL, AV_LOG_WARNING, "Duplicate
sony_mpeg4_extradata\n");
av_free(descriptor->extradata);
descriptor->extradata_size = 0;
- descriptor->extradata = av_malloc(size);
+ descriptor->extradata = av_mallocz(size +
AV_INPUT_BUFFER_PADDING_SIZE);
if (!descriptor->extradata)
return AVERROR(ENOMEM);
descriptor->extradata_size = size;
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
