This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit 6c878f8b829bc9da4bbb5196c125e55a7c3ac32f Author: Jun Zhao <[email protected]> AuthorDate: Mon Jan 5 21:47:22 2026 +0800 Commit: James Almer <[email protected]> CommitDate: Wed Jan 14 23:56:39 2026 +0000 lavf/movenc: fix missing padding for AV1 extradata The extradata allocated in mov_write_single_packet() for AV1 was missing the required AV_INPUT_BUFFER_PADDING_SIZE padding bytes. This could lead to out-of-bounds reads when the extradata is parsed by bitstream readers. Replace av_memdup() with av_malloc() + memset() + memcpy() to ensure proper padding is present and zeroed. Reproduced with: ./ffmpeg -y -f lavfi -i "testsrc=duration=1:size=320x240:rate=30" -c:v libaom-av1 -cpu-used 8 -crf 50 test-av1.mp4 Signed-off-by: Jun Zhao <[email protected]> --- libavformat/movenc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index e844be483c..802c37fc4a 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -7205,9 +7205,11 @@ static int mov_write_single_packet(AVFormatContext *s, AVPacket *pkt) uint8_t *side = av_packet_get_side_data(pkt, AV_PKT_DATA_NEW_EXTRADATA, &side_size); /* Overwrite extradata only on flush packets or when no extradata was available during init */ if (side_size > 0 && (!pkt->size || !trk->extradata_size[trk->last_stsd_index])) { - void *newextra = av_memdup(side, side_size); + void *newextra = av_malloc(side_size + AV_INPUT_BUFFER_PADDING_SIZE); if (!newextra) return AVERROR(ENOMEM); + memset((uint8_t*)newextra + side_size, 0, AV_INPUT_BUFFER_PADDING_SIZE); + memcpy(newextra, side, side_size); av_free(trk->extradata[trk->last_stsd_index]); trk->extradata[trk->last_stsd_index] = newextra; trk->extradata_size[trk->last_stsd_index] = side_size; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
