This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new d30dead35e avcodec/truespeech: reject iterations count whose * 240
product overflows 32-bit
d30dead35e is described below
commit d30dead35e7fecae51ccd4602273153c87b1bbd9
Author: David Korczynski <[email protected]>
AuthorDate: Sat Jun 6 16:23:27 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Thu Jun 11 13:58:45 2026 +0000
avcodec/truespeech: reject iterations count whose * 240 product overflows
32-bit
Found-by: Anthropic agents; validated and reported by Ada Logics.
Signed-off-by: David Korczynski <[email protected]>
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavcodec/truespeech.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/truespeech.c b/libavcodec/truespeech.c
index 454121cc75..1c1b4057a2 100644
--- a/libavcodec/truespeech.c
+++ b/libavcodec/truespeech.c
@@ -323,6 +323,11 @@ static int truespeech_decode_frame(AVCodecContext *avctx,
AVFrame *frame,
"Too small input buffer (%d bytes), need at least 32 bytes\n",
buf_size);
return -1;
}
+ if (iterations > INT_MAX / 240) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Too large input buffer (%d bytes); per-block sample count
overflows\n", buf_size);
+ return AVERROR_INVALIDDATA;
+ }
/* get output buffer */
frame->nb_samples = iterations * 240;
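Review bot: the bound in the added `if (iterations > INT_MAX / 240)` repeats the literal 240 that the multiplication `frame->nb_samples = iterations * 240;` uses just below. If the per-block sample count ever changes in one place and not the other, the guard silently stops matching the arithmetic it protects. A named constant shared by both lines would keep them in sync. Two smaller points on the same hunk: the new branch returns AVERROR_INVALIDDATA while the "Too small input buffer" branch directly above still returns a bare -1, so the two rejections of a bad buffer size report different error codes to the caller; and the check only rules out overflow of the multiplication, so a count just under INT_MAX / 240 still passes through to the output buffer request. The commit message could state what the overflowed nb_samples led to, since the visible lines do not show it.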
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]