PR #23581 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23581 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23581.patch
Fixes: out of array access Fixes: poc.m4v / make_poc.py Fixes: 93KU7grvT7G1 Fixes: f9d3841ae6 (mpeg4video: Add support for MPEG-4 Simple Studio Profile.) Found-by: VulnForge Security Research Team <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> >From feaff39395e74f2a24d3b764cd8bfdeaf46df7c0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Wed, 24 Jun 2026 03:43:32 +0200 Subject: [PATCH] avcodec/mpeg4videodec: Copy studio_profile in frame-thread context update Fixes: out of array access Fixes: poc.m4v / make_poc.py Fixes: 93KU7grvT7G1 Fixes: f9d3841ae6 (mpeg4video: Add support for MPEG-4 Simple Studio Profile.) Found-by: VulnForge Security Research Team <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/mpeg4videodec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 3d20f7c389..9cfb3cde2d 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -3923,6 +3923,7 @@ static int mpeg4_update_thread_context(AVCodecContext *dst, s->cplx_estimation_trash_p = s1->cplx_estimation_trash_p; s->cplx_estimation_trash_b = s1->cplx_estimation_trash_b; s->rgb = s1->rgb; + s->h.c.studio_profile = s1->h.c.studio_profile; s->h.skipped_last_frame = s1->h.skipped_last_frame; s->h.padding_bug_score = s1->h.padding_bug_score; // FIXME: racy -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
