This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch release/8.1
in repository ffmpeg.

The following commit(s) were added to refs/heads/release/8.1 by this push:
     new 58d4114d36 avformat/oggparsevorbis.c: Prevent integer overflow when summing header lengths; add bounds check.
58d4114d36 is described below

commit 58d4114d36f22118c94f3e402c5c658d1790a5ee
Author:     Romain Beauxis <[email protected]>
AuthorDate: Thu May 21 20:55:41 2026 +0000
Commit:     Romain Beauxis <[email protected]>
CommitDate: Tue May 26 16:49:12 2026 -0500

    avformat/oggparsevorbis.c: Prevent integer overflow when summing header lengths; add bounds check.
    
    Cherry-picked from 6e0e13b0bf0493e764f0cdf9d0912b92e118bf32
    
    Signed-off-by: Romain Beauxis <[email protected]>
---
 libavformat/oggparsevorbis.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
index ed81a431f6..145a761f2d 100644
--- a/libavformat/oggparsevorbis.c
+++ b/libavformat/oggparsevorbis.c
@@ -230,8 +230,11 @@ static int fixup_vorbis_headers(AVFormatContext *as,
     int i, offset, len, err;
     int buf_len;
     unsigned char *ptr;
+    uint64_t total_len = (uint64_t)priv->len[0] + priv->len[1] + priv->len[2];
+    if (total_len + total_len / 255 + 64 > INT_MAX)
+        return AVERROR_INVALIDDATA;
 
-    len = priv->len[0] + priv->len[1] + priv->len[2];
+    len = total_len;
     buf_len = len + len / 255 + 64;
 
     if (*buf)
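
Review bot: the guard `if (total_len + total_len / 255 + 64 > INT_MAX)` restates by hand the size formula that follows in `buf_len = len + len / 255 + 64;`, so a later edit to one expression can leave the other out of step and bring the overflow back. Consider computing the buffer size once in a 64-bit variable, checking that single value against `INT_MAX`, and assigning `buf_len` from it. The narrowing in `len = total_len;` is safe only because of the preceding check, and a one-line comment saying so would help the next reader. The element type of `priv->len[]` is not visible in this hunk: if it is signed and an entry can be negative, the conversion to `uint64_t` wraps and the sum can still pass the check, so the entries would need validating individually where they are filled in.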

_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
