This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit 8d58dc8485b485c74d6422f94fe985a17c765b63
Author: David Korczynski <[email protected]>
AuthorDate: Fri Jun 5 00:14:06 2026 +0200
Commit: Michael Niedermayer <[email protected]>
CommitDate: Sun Jun 14 04:59:11 2026 +0200

avcodec/on2avc: reject subframe count whose * SUBFRAME_SIZE product overflows 32-bit

Found-by: Anthropic agents; validated and reported by Ada Logics.
Signed-off-by: David Korczynski <[email protected]>
(cherry picked from commit 331b3e9dea484f4974bbff2596e6e31c3d5e4685)
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/on2avc.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
index 57bd5fd6d6..6cf59e3e04 100644
--- a/libavcodec/on2avc.c
+++ b/libavcodec/on2avc.c
@@ -866,6 +866,12 @@ static int on2avc_decode_frame(AVCodecContext * avctx, AVFrame *frame,
 av_log(avctx, AV_LOG_ERROR, "No subframes present\n");
 return AVERROR_INVALIDDATA;
 }
+ if (num_frames > INT_MAX / ON2AVC_SUBFRAME_SIZE) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Too many subframes (%d); per-frame sample count overflows\n",
+ num_frames);
+ return AVERROR_INVALIDDATA;
+ }
 /* get output buffer */
 frame->nb_samples = ON2AVC_SUBFRAME_SIZE * num_frames;
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
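Review bot: The new guard in on2avc_decode_frame has no comment tying it to the `frame->nb_samples = ON2AVC_SUBFRAME_SIZE * num_frames;` assignment that follows it, so a later reader cannot tell why the limit is `INT_MAX / ON2AVC_SUBFRAME_SIZE`; I would add `/* nb_samples is an int: keep ON2AVC_SUBFRAME_SIZE * num_frames representable */` above the `if`. The check only rules out signed overflow of the product: a count just under the limit still asks for a frame of close to INT_MAX samples, and whether anything caps that depends on the buffer allocation after the assignment, which is outside the hunk. The `%d` in the log message assumes num_frames is an int, whose declaration is not visible here. The function body starts and ends outside the hunk.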
