This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit b9f97a8e400d6b0e02d53e8c3640e816b0cae414 Author: Michael Niedermayer <[email protected]> AuthorDate: Thu May 21 06:28:15 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 04:59:01 2026 +0200 avformat/mxfdec: zero-init Sony MPEG-4 extradata and add padding Found-by: Calm (AI security-research agent, for John Bradley / Credex) (cherry picked from commit 8f1769703c62c808e88c358de6496ed2a7fbce2e) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mxfdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index dc5dff651a..890cbb28e4 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1436,12 +1436,12 @@ static int mxf_read_generic_descriptor(void *arg, AVIOContext *pb, int tag, int break; default: /* Private uid used by SONY C0023S01.mxf */ - if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) { + if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata) && size <= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) { if (descriptor->extradata) av_log(NULL, AV_LOG_WARNING, "Duplicate sony_mpeg4_extradata\n"); av_free(descriptor->extradata); descriptor->extradata_size = 0; - descriptor->extradata = av_malloc(size); + descriptor->extradata = av_mallocz(size + AV_INPUT_BUFFER_PADDING_SIZE); if (!descriptor->extradata) return AVERROR(ENOMEM); descriptor->extradata_size = size; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
