This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch master
in repository ffmpeg.

The following commit(s) were added to refs/heads/master by this push:
     new 63958ce2b5 avcodec/apac: Check bitstream_size to avoid integer overflow
63958ce2b5 is described below

commit 63958ce2b5dd1b22f534fc968c86329cbbceef07
Author:     Anxious Koisi <[email protected]>
AuthorDate: Sun Jun 28 23:03:25 2026 +0200
Commit:     michaelni <[email protected]>
CommitDate: Fri Jul 3 01:51:06 2026 +0000

    avcodec/apac: Check bitstream_size to avoid integer overflow
    
    Found-by: k00shi_
    Fixes: OOM
    Fixes: poc.c
    Fixes: XMkAe1I9uFro
---
 libavcodec/apac.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/apac.c b/libavcodec/apac.c
index 00e48e7635..ea3b93359d 100644
--- a/libavcodec/apac.c
+++ b/libavcodec/apac.c
@@ -140,6 +140,9 @@ static int apac_decode(AVCodecContext *avctx, AVFrame 
*frame,
     buf_size = pkt->size;
     input_buf_size = buf_size;
 
+    if ((int64_t)s->bitstream_size + buf_size > INT_MAX / (16 * 8))
+        return AVERROR_INVALIDDATA;
+
     if (s->bitstream_index > 0 && s->bitstream_size > 0) {
         memmove(s->bitstream, &s->bitstream[s->bitstream_index], 
s->bitstream_size);
         s->bitstream_index = 0;

_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to