This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 8df701d7b2d7c430555e14d15e0290fde74f18cc Author: Michael Niedermayer <[email protected]> AuthorDate: Sat May 2 23:35:49 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 19:27:35 2026 +0200 avformat/avidec: check LIST size in avi_load_index() This avoids an unsigned integer underflow and passing that large value to ff_read_riff_info() (cherry picked from commit 2678bce860877ac95423e63f7858dbb96d3e255b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/avidec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index fd1ecfcf9e..b7e3b28d76 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -1814,6 +1814,10 @@ static int avi_load_index(AVFormatContext *s) avi->index_loaded=2; ret = 0; }else if (tag == MKTAG('L', 'I', 'S', 'T')) { + if (size < 4) { + av_log(s, AV_LOG_WARNING, "Invalid size (%u) LIST in index\n", size); + break; + } uint32_t tag1 = avio_rl32(pb); if (tag1 == MKTAG('I', 'N', 'F', 'O')) _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
