PR #20809 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20809 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20809.patch
Fixes: out of array access No testcase Found-by: Joshua Rogers <[email protected]> with ZeroPath Signed-off-by: Michael Niedermayer <[email protected]> >From e124c1f611e45eda94192afbdb6d0d36747892e9 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Fri, 31 Oct 2025 23:08:45 +0100 Subject: [PATCH] avformat/sctp: Check size in sctp_write() Fixes: out of array access No testcase Found-by: Joshua Rogers <[email protected]> with ZeroPath Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/sctp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/sctp.c b/libavformat/sctp.c index 4122fbe312..9a6b991803 100644 --- a/libavformat/sctp.c +++ b/libavformat/sctp.c @@ -332,6 +332,9 @@ static int sctp_write(URLContext *h, const uint8_t *buf, int size) } if (s->max_streams) { + if (size < 2) + return AVERROR(EINVAL); + /*StreamId is introduced as a 2byte code into the stream*/ struct sctp_sndrcvinfo info = { 0 }; info.sinfo_stream = AV_RB16(buf); -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
