This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new cc1459ed85 avformat/flvdec: Check size at the top of the main loop
cc1459ed85 is described below
commit cc1459ed8559307bf94326343b7d4fbd64cc7d5e
Author: Michael Niedermayer <[email protected]>
AuthorDate: Mon May 18 23:37:12 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Tue May 19 23:12:31 2026 +0000
avformat/flvdec: Check size at the top of the main loop
Fixes: signed integer overflow
Fixes: ffmpeg_flv_read_packet_libavformat_flvdec.c_1900_26.poc
Found-by: iceray-Li
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavformat/flvdec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 902a875474..03310503d1 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -1565,6 +1565,10 @@ skip:
for (;;) {
int track_size = size;
+ if (size < 0) {
+ ret = FFERROR_REDO;
+ goto leave;
+ }
if (multitrack_type != MultitrackTypeOneTrack) {
track_size = avio_rb24(s->pb);
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
