This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit baf0b00ef71a69da4a6e7a847108babaa11a8643 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Apr 8 11:17:47 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 18:55:12 2026 +0200 avcodec/tdsc: Check tile_size Fixes: out of array read Fixes: tdsc_war_groom_far4096.avi Found by: Ante Silovic <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit e9e6fb879835a4016b433ad2c4a224f62c686de3) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/tdsc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/tdsc.c b/libavcodec/tdsc.c index 9e7381c2bb..87c5f98fec 100644 --- a/libavcodec/tdsc.c +++ b/libavcodec/tdsc.c @@ -436,6 +436,9 @@ static int tdsc_decode_tiles(AVCodecContext *avctx, int number_tiles) if (ret < 0) return ret; } else if (tile_mode == MKTAG(' ','W','A','R')) { + if (3LL * w * h > tile_size) + return AVERROR_INVALIDDATA; + /* Just copy the buffer to output */ av_image_copy_plane(ctx->refframe->data[0] + x * 3 + ctx->refframe->linesize[0] * y, _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
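Review bot: The new check in the ' WAR' branch, `if (3LL * w * h > tile_size)`, only bounds the product from above, so it depends on w and h already being non-negative when this branch is reached. That validation is not visible in this hunk, and a negative w or h would make the product negative and let the comparison pass, so the copy into `ctx->refframe->data[0]` would still run. If the earlier tile parsing does not already reject such values, consider extending the condition with `w <= 0 || h <= 0`. The `3LL` promotion does keep the multiplication from overflowing int. The check also assumes raw tiles are packed at 3 bytes per pixel with no row padding; a one-line comment saying so, and an av_log call before `return AVERROR_INVALIDDATA;`, would make the rejection easier to diagnose from a failing sample.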
