This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 3375dc11e2e417e2af1d7303e38d35c0e8bce4e2 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Apr 8 12:23:16 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 18:55:12 2026 +0200 avcodec/tdsc: Check jpeg size Fixes: out of array read Fixes: tdsc_tile_dim_mismatch.avi Found-by: Ante Silovic <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit bb69a090a7cad34e21c645c8bcedbdd4ed92db5b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/tdsc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/tdsc.c b/libavcodec/tdsc.c index bc7701d6e9..5d8db26f52 100644 --- a/libavcodec/tdsc.c +++ b/libavcodec/tdsc.c @@ -359,7 +359,8 @@ static int tdsc_decode_jpeg_tile(AVCodecContext *avctx, int tile_size, } ret = avcodec_receive_frame(ctx->jpeg_avctx, ctx->jpgframe); - if (ret < 0 || ctx->jpgframe->format != AV_PIX_FMT_YUVJ420P) { + if (ret < 0 || ctx->jpgframe->format != AV_PIX_FMT_YUVJ420P || + w > ctx->jpgframe->width || h > ctx->jpgframe->height) { av_log(avctx, AV_LOG_ERROR, "JPEG decoding error (%d).\n", ret); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
