This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch release/7.1
in repository ffmpeg.
The following commit(s) were added to refs/heads/release/7.1 by this push:
new adcf20da26 avformat/oggparsevorbis.c: Prevent integer overflow when
summing header lengths; add bounds check.
adcf20da26 is described below
commit adcf20da26a0ef6a2cfe1b735d933d8ac10a7562
Author: Romain Beauxis <[email protected]>
AuthorDate: Thu May 21 20:55:41 2026 +0000
Commit: Romain Beauxis <[email protected]>
CommitDate: Tue May 26 16:50:10 2026 -0500
avformat/oggparsevorbis.c: Prevent integer overflow when summing header
lengths; add bounds check.
Cherry-picked from 6e0e13b0bf0493e764f0cdf9d0912b92e118bf32
Signed-off-by: Romain Beauxis <[email protected]>
---
libavformat/oggparsevorbis.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/oggparsevorbis.c b/libavformat/oggparsevorbis.c
index 9f50ab9ffc..d933153ade 100644
--- a/libavformat/oggparsevorbis.c
+++ b/libavformat/oggparsevorbis.c
@@ -224,8 +224,11 @@ static int fixup_vorbis_headers(AVFormatContext *as,
int i, offset, len, err;
int buf_len;
unsigned char *ptr;
+ uint64_t total_len = (uint64_t)priv->len[0] + priv->len[1] + priv->len[2];
+ if (total_len + total_len / 255 + 64 > INT_MAX)
+ return AVERROR_INVALIDDATA;
- len = priv->len[0] + priv->len[1] + priv->len[2];
+ len = total_len;
buf_len = len + len / 255 + 64;
if (*buf)
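Review bot: The guard in the added `if` repeats the size formula (`total_len + total_len / 255 + 64`) that the unchanged line `buf_len = len + len / 255 + 64;` then computes a second time in `int`, so the check and the allocation size can drift apart if either is edited later. Consider computing the buffer size once in 64 bits, comparing that value against INT_MAX, and assigning both `len` and `buf_len` from the checked results, with a short comment on what the `/ 255 + 64` allowance covers. The narrowing in `len = total_len;` is safe only because of the preceding check, so an explicit `(int)` cast would make that dependency visible. The hunk does not show the element type of `priv->len[]`: only the first operand is cast, so if the elements are signed, a negative entry would be converted to a large unsigned value and the sum could wrap modulo 2^64 past the check. It is worth confirming that each length is validated as non-negative where it is stored.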
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]