This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit d1985442e1e56228a645a7f7d34e23c06deb61c0 Author: Michael Niedermayer <[email protected]> AuthorDate: Mon Dec 22 23:59:53 2025 +0100 Commit: michaelni <[email protected]> CommitDate: Wed Dec 24 12:04:07 2025 +0000 avformat/hls: Check seg size and offset for overflow Fixes: integer overflow Fixes: signed integer overflow: 9223372036854775807 + 2039324394 cannot be represented in type 'int64_t' (aka 'long') Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/hls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/hls.c b/libavformat/hls.c index 22ee1c6872..11d3050b20 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -975,6 +975,10 @@ static int parse_playlist(HLSContext *c, const char *url, ptr = strchr(ptr, '@'); if (ptr) seg_offset = strtoll(ptr+1, NULL, 10); + if (seg_size < 0 || seg_offset > INT64_MAX - seg_size) { + ret = AVERROR_INVALIDDATA; + goto fail; + } } else if (av_strstart(line, "#", NULL)) { av_log(c->ctx, AV_LOG_VERBOSE, "Skip ('%s')\n", line); continue; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
