This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit 57217afb28df314df50a4e214430f54a3c8d09b7 Author: Michael Niedermayer <[email protected]> AuthorDate: Thu May 21 06:28:15 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Thu Jun 18 20:30:54 2026 +0200 avformat/mxfdec: zero-init Sony MPEG-4 extradata and add padding Found-by: Calm (AI security-research agent, for John Bradley / Credex) (cherry picked from commit 8f1769703c62c808e88c358de6496ed2a7fbce2e) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mxfdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 8905008202..0a6d49def3 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -1404,12 +1404,12 @@ static int mxf_read_generic_descriptor(void *arg, AVIOContext *pb, int tag, int
 break;
 default:
 /* Private uid used by SONY C0023S01.mxf */
- if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata)) {
+ if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata) && size <= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
 if (descriptor->extradata)
 av_log(NULL, AV_LOG_WARNING, "Duplicate sony_mpeg4_extradata\n");
 av_free(descriptor->extradata);
 descriptor->extradata_size = 0;
- descriptor->extradata = av_malloc(size);
+ descriptor->extradata = av_mallocz(size + AV_INPUT_BUFFER_PADDING_SIZE);
 if (!descriptor->extradata)
 return AVERROR(ENOMEM);
 descriptor->extradata_size = size;
_______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
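Review bot: The size bound is folded into the key match on the `if (IS_KLV_KEY(uid, mxf_sony_mpeg4_extradata) && size <= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)` line, so an oversized element is skipped with no log or error, as if the key were unknown. Rejecting it inside the branch keeps that case visible to callers and in logs: `if (size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) return AVERROR_INVALIDDATA;`. The declaration of `size` is cut off in the hunk header; if it is a signed int, a `size < 0` test belongs in the same check, because a negative value passes the current upper bound and still reaches `av_mallocz(size + AV_INPUT_BUFFER_PADDING_SIZE)` and `descriptor->extradata_size = size`. The read that fills the buffer lies past the end of the hunk, so whether a short read is handled cannot be judged from here. A one-line comment such as `/* padded and zeroed: extradata parsers may read up to AV_INPUT_BUFFER_PADDING_SIZE past the end */` above the allocation would record why it changed.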
