PR #23198 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23198
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23198.patch
Fixes: out of array access
Regression since d8cb567 ("prores_raw: fix tile alignment
issues").
Found-by: amhurtado <[email protected]>
Signed-off-by: amhurtado <[email protected]>
>From 4bbb4acfca945e06b9bb7caf6684a221a142d69a Mon Sep 17 00:00:00 2001
From: amhurtado <[email protected]>
Date: Tue, 19 May 2026 15:55:21 -0500
Subject: [PATCH] avcodec/prores_raw: reject invalid tile alignment values
Fixes: out of array access
Regression since d8cb567 ("prores_raw: fix tile alignment
issues").
Found-by: amhurtado <[email protected]>
Signed-off-by: amhurtado <[email protected]>
---
libavcodec/prores_raw.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/prores_raw.c b/libavcodec/prores_raw.c
index f386b22496..db6bfcd6eb 100644
--- a/libavcodec/prores_raw.c
+++ b/libavcodec/prores_raw.c
@@ -427,6 +427,11 @@ static int decode_frame(AVCodecContext *avctx,
/* Flags */
int flags = bytestream2_get_be16(&gb_hdr);
int align = (flags >> 1) & 0x7;
+ if (align > 4) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Invalid tile alignment %d (max 4)\n", align);
+ return AVERROR_INVALIDDATA;
+ }
/* Quantization matrix */
if (flags & 1)
--
2.52.0
_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
