PR #23127 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23127
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23127.patch

Fixes: out of array access
Fixes: ada-5-poc.avi

Found-by: Claude and Ada Logics. This issue was found by Anthropic from using 
agents to study security of open source projects, and I am from Ada Logics 
helping validate the found issues and report to maintainers.
Signed-off-by: Michael Niedermayer <[email protected]>


>From 5bd8b8de60ff7d7fac7778e7739f03c275820bde Mon Sep 17 00:00:00 2001
From: David Korczynski <[email protected]>
Date: Sun, 17 May 2026 14:32:49 +0200
Subject: [PATCH] avcodec/g2meet: The stack is EPIC_PIX_STACK_SIZE

Fixes: out of array access
Fixes: ada-5-poc.avi

Found-by: Claude and Ada Logics. This issue was found by Anthropic from using 
agents to study security of open source projects, and I am from Ada Logics 
helping validate the found issues and report to maintainers.
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/g2meet.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index eb6aaf3072..1aeb128c4f 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -482,12 +482,13 @@ static void epic_free_pixel_cache(ePICPixHash *hash)
 static inline int is_pixel_on_stack(const ePICContext *dc, uint32_t pix)
 {
     int i;
+    int n = FFMIN(dc->stack_pos, EPIC_PIX_STACK_SIZE);
 
-    for (i = 0; i < dc->stack_pos; i++)
+    for (i = 0; i < n; i++)
         if (dc->stack[i] == pix)
             break;
 
-    return i != dc->stack_pos;
+    return i != n;
 }
 
 #define TOSIGNED(val) (((val) >> 1) ^ -((val) & 1))
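Review bot: The clamp `int n = FFMIN(dc->stack_pos, EPIC_PIX_STACK_SIZE);` in is_pixel_on_stack() bounds only this one reader, and `dc->stack_pos` itself is left larger than the array. Any other place that indexes `dc->stack` by `stack_pos` (none is visible in this hunk) would still need its own check. It would be more robust to enforce `stack_pos <= EPIC_PIX_STACK_SIZE` at the point where the value is advanced, or to reject the frame there, and to keep this clamp only as a second line of defence. If a `stack_pos` above the array size is a legitimate state (for example, a counter that keeps running after the stack is full), a one-line comment above `n` saying so would help. The commit message could state the same, since the subject "The stack is EPIC_PIX_STACK_SIZE" does not say how `stack_pos` gets past that size.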
-- 
2.52.0
