This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit 597140939f26e0def942b5ffed2a2c5f12a0e9b5 Author: David Korczynski <[email protected]> AuthorDate: Fri Jun 5 00:14:06 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Thu Jun 18 20:31:01 2026 +0200 avcodec/on2avc: reject subframe count whose * SUBFRAME_SIZE product overflows 32-bit Found-by: Anthropic agents; validated and reported by Ada Logics. Signed-off-by: David Korczynski <[email protected]> (cherry picked from commit 331b3e9dea484f4974bbff2596e6e31c3d5e4685) Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/on2avc.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/libavcodec/on2avc.c b/libavcodec/on2avc.c
index 3badfae891..28618105cf 100644
--- a/libavcodec/on2avc.c
+++ b/libavcodec/on2avc.c
@@ -866,6 +866,12 @@ static int on2avc_decode_frame(AVCodecContext * avctx, AVFrame *frame,
 av_log(avctx, AV_LOG_ERROR, "No subframes present\n");
 return AVERROR_INVALIDDATA;
 }
+ if (num_frames > INT_MAX / ON2AVC_SUBFRAME_SIZE) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Too many subframes (%d); per-frame sample count overflows\n",
+ num_frames);
+ return AVERROR_INVALIDDATA;
+ }

 /* get output buffer */
 frame->nb_samples = ON2AVC_SUBFRAME_SIZE * num_frames;
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
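Review bot: The new guard in on2avc_decode_frame carries no comment tying it to the statement it protects, `frame->nb_samples = ON2AVC_SUBFRAME_SIZE * num_frames;`, so a later refactor that moves or changes that multiplication could leave the check stranded or silently insufficient. A one-line comment above the `if` would do, for example `/* keep ON2AVC_SUBFRAME_SIZE * num_frames (below) within int range; signed overflow is UB */`. The bound is purely arithmetic: it still admits per-frame sample counts close to INT_MAX, so memory use is presumably limited only by the output-buffer allocation that follows, which lies outside this hunk and is worth confirming. The declaration of num_frames and the loop that counts subframes are also outside the hunk, so the guard's reliance on a non-negative int count cannot be checked from here.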
