Hi 0xBat

On Mon, Jan 05, 2026 at 01:35:02AM +0100, 0xBat via ffmpeg-devel wrote:
> Prevent integer overflow in init_get_bits by validating that packet size 
> multiplied by 8 does not exceed INT_MAX.
> 
> Signed-off-by: 0xBat <[email protected]>
> ---
>  libavcodec/qdm2.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
> index b2136c6824..2eb1f3be99 100644
> --- a/libavcodec/qdm2.c
> +++ b/libavcodec/qdm2.c
> @@ -978,6 +978,8 @@ static int process_subpacket_9(QDM2Context *q, 
> QDM2SubPNode *node)
>      GetBitContext gb;
>      int i, j, k, n, ch, run, level, diff;
>  
> +    if (node->packet->size > INT_MAX / 8)
> +        return AVERROR_INVALIDDATA;
>      init_get_bits(&gb, node->packet->data, node->packet->size * 8);
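
Review bot: the new `node->packet->size > INT_MAX / 8` test in process_subpacket_9() open-codes a bound that init_get_bits8() already applies, and the return value of the unchanged init_get_bits() call is still ignored. Passing the byte count directly, as in `init_get_bits8(&gb, node->packet->data, node->packet->size)`, and returning its error code when it is negative would remove both the manual check and the `* 8` at the call site. The hunk also does not show the type of `node->packet->size`, so the commit message should say whether the comparison is signed or unsigned.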

init_get_bits8()

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are best at talking, realize last or never when they are wrong.
