PR #20900 opened by usepgp URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20900 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20900.patch
A chromium fuzzer identified this potential UB int overflow. >From d55c6e8a2c49319eb779ec795fdd657cbc524fc7 Mon Sep 17 00:00:00 2001 From: Ted Meyer <[email protected]> Date: Wed, 15 Oct 2025 14:00:18 -0700 Subject: [PATCH] Fix flacdec int overflow with a saturated add A chromium fuzzer identified this. --- libavformat/flacdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flacdec.c b/libavformat/flacdec.c index e80b49307d..219bc4e416 100644 --- a/libavformat/flacdec.c +++ b/libavformat/flacdec.c @@ -47,7 +47,7 @@ static void reset_index_position(int64_t metadata_head_size, AVStream *st) FFStream *const sti = ffstream(st); /* the real seek index offset should be the size of metadata blocks with the offset in the frame blocks */ for (int i = 0; i < sti->nb_index_entries; i++) - sti->index_entries[i].pos += metadata_head_size; + sti->index_entries[i].pos = av_sat_add64(sti->index_entries[i].pos, metadata_head_size); } static const uint16_t sr_table[16] = { -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
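Review bot: The saturated add in the reset_index_position() hunk removes the signed-overflow UB but silently keeps an entry whose pos clamps to INT64_MAX, which is not a position a seek can ever satisfy; consider instead detecting the overflow (e.g. checking whether pos > INT64_MAX - metadata_head_size before the add) and skipping or dropping such entries, since a corrupt seektable entry carries no usable information. The commit message should also say which input condition triggers the overflow (an oversized seektable offset combined with metadata_head_size) so the fix is reviewable without the fuzzer report. Minor: the new line `sti->index_entries[i].pos = av_sat_add64(sti->index_entries[i].pos, metadata_head_size);` exceeds the usual 80-column limit and would read better wrapped after the first argument.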
