This needs to be double checked or a checking way of writing should be used
Fixes: out of array access Fixes: 70007/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HDR_fuzzer-5478704150020096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/hdrenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hdrenc.c b/libavcodec/hdrenc.c index 20e42134bc8..a7bf36946db 100644 --- a/libavcodec/hdrenc.c +++ b/libavcodec/hdrenc.c @@ -124,7 +124,7 @@ static int hdr_encode_frame(AVCodecContext *avctx, AVPacket *pkt, uint8_t *buf; int ret; - packet_size = avctx->width * avctx->height * 4LL + 1024LL; + packet_size = avctx->height * 4LL + avctx->width * avctx->height * 8LL + 1024LL; if ((ret = ff_get_encode_buffer(avctx, pkt, packet_size, 0)) < 0) return ret; -- 2.45.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".