On Mon, Jan 5, 2026 at 5:12 PM michaelni via ffmpeg-devel <[email protected]> wrote: > > PR #21384 opened by michaelni > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21384 > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21384.patch > > More complete fix for #YWH-PGM40646-32 > > Signed-off-by: Michael Niedermayer <[email protected]> > > > >From 1c214abfd52ac09cb5cb71de70e6475bb7f80747 Mon Sep 17 00:00:00 2001 > From: Michael Niedermayer <[email protected]> > Date: Mon, 5 Jan 2026 18:07:49 +0100 > Subject: [PATCH] avformat/img2dec: Check avio_size() for failure > > More complete fix for #YWH-PGM40646-32 > > Signed-off-by: Michael Niedermayer <[email protected]> > --- > libavformat/img2dec.c | 19 +++++++++---------- > 1 file changed, 9 insertions(+), 10 deletions(-) > > diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c > index 586634c0c3..523015e4c6 100644 > --- a/libavformat/img2dec.c > +++ b/libavformat/img2dec.c > @@ -367,7 +367,6 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt) > int i, res; > int ret[3] = { 0 }; > int64_t size[3] = { 0 }; > - int64_t total_size; > AVIOContext *f[3] = { NULL }; > AVCodecParameters *par = s1->streams[0]->codecpar; > > @@ -458,15 +457,15 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket > *pkt) > } > } > > - total_size = size[0]; > - if (total_size > INT64_MAX - size[1]) > - return AVERROR_INVALIDDATA; > - total_size += size[1]; > - if (total_size > INT64_MAX - size[2]) > - return AVERROR_INVALIDDATA; > - total_size += size[2]; > - if (total_size > INT_MAX) > - return AVERROR_INVALIDDATA; > + int64_t total_size = 0; > + for(int i = 0; i < 3; i++) { > + if (size[i] < 0) > + return size[i]; > + if (total_size > INT64_MAX - size[i]) > + return AVERROR_INVALIDDATA; > + > + total_size += size[i]; > + }
Check for (total_size > INT_MAX) is gone now, is that intentional? Kieran _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
