This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.1 in repository ffmpeg.
commit faa81d0b1895e4761a6eddd1201ae4aef5324189 Author: jiale yao <[email protected]> AuthorDate: Fri Jun 12 17:26:09 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon Jun 15 23:57:22 2026 +0200 avformat/rtpenc_amr: Check input size Fixes: heap buffer overflow Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 71478d11658d8a6f38138b6621061b8c6f2e5074) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/rtpenc_amr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/rtpenc_amr.c b/libavformat/rtpenc_amr.c index 8df5a3cf3e..60356ac984 100644 --- a/libavformat/rtpenc_amr.c +++ b/libavformat/rtpenc_amr.c @@ -34,6 +34,10 @@ void ff_rtp_send_amr(AVFormatContext *s1, const uint8_t *buff, int size) int max_header_toc_size = 1 + s->max_frames_per_packet; uint8_t *p; int len; + int max_size = st->codecpar->codec_id == AV_CODEC_ID_AMR_NB ? 32 : 61; + + if (size < 1 || size > max_size) + return; /* Test if the packet must be sent. */ len = s->buf_ptr - s->buf; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
