This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit 15bbf3a21d11847de21aa429ec22acf9424953ec Author: Michael Niedermayer <[email protected]> AuthorDate: Sun Jul 5 03:22:13 2026 +0200 Commit: michaelni <[email protected]> CommitDate: Thu Jul 9 02:53:53 2026 +0000 avformat/spdif: fix reading past the buffer when probing AAC in IEC 61937 Fixes: read of uninitialized memory Fixes: 528525234/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-6429204661731328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg --- libavformat/spdifdec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/spdifdec.c b/libavformat/spdifdec.c index dcfe471f45..fe45deb157 100644 --- a/libavformat/spdifdec.c +++ b/libavformat/spdifdec.c @@ -142,7 +142,10 @@ int ff_spdif_probe(const uint8_t *p_buf, int buf_size, enum AVCodecID *codec) } else consecutive_codes = 0; - if (buf + 4 + AV_AAC_ADTS_HEADER_SIZE > p_buf + buf_size) + /* spdif_get_offset_and_codec() parses AV_AAC_ADTS_HEADER_SIZE + * bytes starting at buf[5] (the payload after the 4 byte sync and + * the Pc/Pd burst header), so that many bytes must be available. */ + if (buf + 5 + AV_AAC_ADTS_HEADER_SIZE > p_buf + buf_size) break; /* continue probing to find more sync codes */ _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
