This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit 7c50ce2326b9ac7eb1ababb6f92d2770614af0b4 Author: Michael Niedermayer <[email protected]> AuthorDate: Sat May 16 21:14:40 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 04:59:00 2026 +0200 avformat/ty: check rec_size Fixes: ada-4-poc.ty change is based on the suggested fix Found-by: Claude and Ada Logics. This issue was found by Anthropic from using agents to study security of open source projects Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 4492ad7228a381c2f0c8b79d333a59c7657311c9) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/ty.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/ty.c b/libavformat/ty.c index f524b74bad..596e4cc7e4 100644 --- a/libavformat/ty.c +++ b/libavformat/ty.c @@ -395,12 +395,16 @@ static int demux_video(AVFormatContext *s, TyRecHdr *rec_hdr, AVPacket *pkt) int got_packet = 0; if (subrec_type != 0x02 && subrec_type != 0x0c && - subrec_type != 0x08 && rec_size > 4) { + subrec_type != 0x08 && rec_size > 7) { + /* get the PTS from this packet if it has one. * on S1, only 0x06 has PES. On S2, however, most all do. * Do NOT Pass the PES Header to the MPEG2 codec */ es_offset1 = find_es_header(ty_VideoPacket, ty->chunk + ty->cur_chunk_pos, 5); if (es_offset1 != -1) { + if (rec_size < es_offset1 + VIDEO_PTS_OFFSET + 5) + return AVERROR_INVALIDDATA; + ty->last_video_pts = ff_parse_pes_pts( ty->chunk + ty->cur_chunk_pos + es_offset1 + VIDEO_PTS_OFFSET); if (subrec_type != 0x06) { _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
