PR #23375 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23375
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23375.patch

Fixes: ada-2-poc.dhav

Found-by: Claude and Ada Logics. This issue was found by Anthropic from using 
agents to study security of open source projects, and I am from Ada Logics 
helping validate the found issues and report to maintainers.



From 07d5ca6a8bf11c8419ed471c62649153d896357a Mon Sep 17 00:00:00 2001
From: David Korczynski <[email protected]>
Date: Wed, 20 May 2026 15:15:01 -0700
Subject: [PATCH] avformat/dhav: Fix second integer overflow in get_duration()

Fixes: ada-2-poc.dhav

Found-by: Claude and Ada Logics. This issue was found by Anthropic from using 
agents to study security of open source projects, and I am from Ada Logics 
helping validate the found issues and report to maintainers.
---
 libavformat/dhav.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index 598780e8b8..82e2783461 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -280,7 +280,7 @@ static int64_t get_duration(AVFormatContext *s)
         }
     }
 
-    if (pos < buffer_pos || pos + 20 > buffer_pos + buffer_size)
+    if (pos < buffer_pos || pos - buffer_pos > buffer_size - 20)
         goto fail;
 
     date = AV_RL32(buffer + (pos - buffer_pos) + 16);
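Review bot: The new right-hand side `buffer_size - 20` in the rewritten bounds check is only correct if `buffer_size` is a signed type, or is guaranteed to be at least 20 at this point, and neither is visible in this hunk. If `buffer_size` were unsigned and smaller than 20, the subtraction would wrap to a large value and the check would pass, letting the `AV_RL32(buffer + (pos - buffer_pos) + 16)` read on the next line go past the end of the buffer. Please confirm the declaration. If a short buffer is possible here, either add an explicit `buffer_size < 20 ||` term or a one-line comment stating why it cannot happen. The 20 is the 16-byte offset plus the 4 bytes read by `AV_RL32`. It would also help if the commit message named the expression that overflowed (`pos + 20`), since "second integer overflow" alone does not say which one this is.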
-- 
2.52.0
