This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 085da59105ec4bedc35496461b0313e2f64a4eb4 Author: Michael Niedermayer <[email protected]> AuthorDate: Sat Feb 14 01:39:22 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 18:55:02 2026 +0200 avformat/icodec: Check size Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int' Fixes: 471688026/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5616495813263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 237d03717fc61331483a073a3f077f1dcb5b065b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/icodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/icodec.c b/libavformat/icodec.c index 128a495948..0444975266 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -114,7 +114,7 @@ static int read_header(AVFormatContext *s) avio_skip(pb, 5); ico->images[i].size = avio_rl32(pb); - if (ico->images[i].size <= 0) { + if (ico->images[i].size <= 0 || ico->images[i].size > INT_MAX - 14) { av_log(s, AV_LOG_ERROR, "Invalid image size %d\n", ico->images[i].size); goto fail; } _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
