[FFmpeg-devel] [PATCH] tools/zmqsend: fix integer overflow check

Baptiste Bd via ffmpeg-devel Mon, 05 Jan 2026 18:09:15 -0800

>From 8286eb98a6f40fc1e69507213073486ef06d3a5d Mon Sep 17 00:00:00 2001
From: OxBat <[email protected]>
Date: Sat, 3 Jan 2026 17:10:07 +0100
Subject: [PATCH] tools/zmqsend: fix integer overflow on 32-bit systems in
 tools/zmqsend.c


---
 tools/zmqsend.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/tools/zmqsend.c b/tools/zmqsend.c
index dc5d426cc8..b2d66bb8bc 100644
--- a/tools/zmqsend.c
+++ b/tools/zmqsend.c
@@ -149,8 +149,16 @@ int main(int argc, char **argv)
         goto end;
     }

-    recv_buf_size = zmq_msg_size(&msg) + 1;
+/* PATCH SECURITY: Fix integer overflow on 32-bit systems */
+    size_t sz = zmq_msg_size(&msg);
+    if (sz == SIZE_MAX) {
+        av_log(NULL, AV_LOG_ERROR, "Message too large (overflow
detected)\n");
+        ret = 1;
+        goto end;
+    }
+    recv_buf_size = sz + 1;
     recv_buf = av_malloc(recv_buf_size);
+
     if (!recv_buf) {
         av_log(NULL, AV_LOG_ERROR,
                "Could not allocate receiving message buffer\n");
@@ -158,6 +166,7 @@ int main(int argc, char **argv)
         ret = 1;
         goto end;
     }
+
     memcpy(recv_buf, zmq_msg_data(&msg), recv_buf_size - 1);
     recv_buf[recv_buf_size-1] = 0;
     printf("%s\n", recv_buf);
@@ -168,4 +177,4 @@ end:
     zmq_close(socket);
     zmq_ctx_destroy(zmq_ctx);
     return ret;
-}
+}
\ No newline at end of file
-- 
2.52.0.windows.1

0001-tools-zmqsend-fix-integer-overflow-on-32-bit-systems.patch
Description: Binary data

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[FFmpeg-devel] [PATCH] tools/zmqsend: fix integer overflow check

Reply via email to