PR #22596 opened by Priyanshuthapliyal URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22596 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22596.patch
The expression (exif_len & ~SIZE_MAX) is always 0 for size_t, making the overflow guard permanently dead code. Reported-by: Guanni Qu <[email protected]> Signed-off-by: Priyanshu Thapliyal <[email protected]> >From 5f1993406583bf0da77dec57f9b3b3dd116e3146 Mon Sep 17 00:00:00 2001 From: Priyanshu Thapliyal <[email protected]> Date: Tue, 24 Mar 2026 00:49:55 +0530 Subject: [PATCH] avcodec/pngdec: fix dead overflow check in decode_text_to_exif() The expression (exif_len & ~SIZE_MAX) is always 0 for size_t, making the overflow guard permanently dead code. Reported-by: Guanni Qu <[email protected]> Signed-off-by: Priyanshu Thapliyal <[email protected]> --- libavcodec/pngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 042b6a5c2f..d630617004 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -558,7 +558,7 @@ static int decode_text_to_exif(PNGDecContext *s, const char *txt_utf8) } // first condition checks for overflow in 2 * exif_len - if ((exif_len & ~SIZE_MAX) || end - ptr < 2 * exif_len) + if (exif_len > SIZE_MAX / 2 || end - ptr < 2 * exif_len) return AVERROR_INVALIDDATA; if (exif_len < 10) return AVERROR_INVALIDDATA; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
