The branch, master has been updated
       via  5b98cea4bff2cbbb251b621a2b6c3ab76f814efa (commit)
      from  83e0298de217a7108ee703806d6380e554007972 (commit)


- Log -----------------------------------------------------------------
commit 5b98cea4bff2cbbb251b621a2b6c3ab76f814efa
Author:     Michael Niedermayer <[email protected]>
AuthorDate: Fri Oct 31 23:08:45 2025 +0100
Commit:     Michael Niedermayer <[email protected]>
CommitDate: Sat Nov 1 23:22:32 2025 +0100

    avformat/sctp: Check size in sctp_write()
    
    Fixes: out of array access
    No testcase
    
    Found-by: Joshua Rogers <[email protected]> with ZeroPath
    Reviewed-by: Joshua Rogers <[email protected]>
    Signed-off-by: Michael Niedermayer <[email protected]>

diff --git a/libavformat/sctp.c b/libavformat/sctp.c
index 4122fbe312..9a6b991803 100644
--- a/libavformat/sctp.c
+++ b/libavformat/sctp.c
@@ -332,6 +332,9 @@ static int sctp_write(URLContext *h, const uint8_t *buf, 
int size)
     }
 
     if (s->max_streams) {
+        if (size < 2)
+            return AVERROR(EINVAL);
+
         /*StreamId is introduced as a 2byte code into the stream*/
         struct sctp_sndrcvinfo info = { 0 };
         info.sinfo_stream           = AV_RB16(buf);
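
Review bot: the new size < 2 check in the if (s->max_streams) block sits above the existing comment about the 2-byte StreamId, so the reason for the constant 2 only becomes clear further down. Move the check below that comment, or give it its own short comment saying that AV_RB16(buf) reads the first two bytes of buf as the stream id. The check also puts a return statement ahead of the struct sctp_sndrcvinfo info = { 0 }; declaration; if the build still warns on declarations after statements, hoist the declaration above the check. A size of exactly 2 passes this test, so confirm that the code following the visible context copes with an empty payload once the two stream-id bytes are consumed. The commit message says "No testcase"; a short unit or FATE-style check calling the write path with size 0 and 1 and expecting AVERROR(EINVAL) would keep this from regressing.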

-----------------------------------------------------------------------

Summary of changes:
 libavformat/sctp.c | 3 +++
 1 file changed, 3 insertions(+)


hooks/post-receive
-- 

_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
