This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new 50e65074f5 avformat/dhav: Fix second integer overflow in get_duration()
50e65074f5 is described below
commit 50e65074f5cca638d6dd4cf9db4b6dcf4f0a863e
Author: David Korczynski <[email protected]>
AuthorDate: Wed May 20 15:15:01 2026 -0700
Commit: michaelni <[email protected]>
CommitDate: Fri Jun 12 00:46:32 2026 +0000
avformat/dhav: Fix second integer overflow in get_duration()
Fixes: ada-2-poc.dhav
Found-by: Claude and Ada Logics. This issue was found by Anthropic from
using agents to study security of open source projects, and I am from Ada
Logics helping validate the found issues and report to maintainers.
---
libavformat/dhav.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index 598780e8b8..82e2783461 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -280,7 +280,7 @@ static int64_t get_duration(AVFormatContext *s)
}
}
- if (pos < buffer_pos || pos + 20 > buffer_pos + buffer_size)
+ if (pos < buffer_pos || pos - buffer_pos > buffer_size - 20)
goto fail;
date = AV_RL32(buffer + (pos - buffer_pos) + 16);
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
