PR #23629 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23629 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23629.patch
Found-by: k00shi_ Fixes: OOM Fixes: poc.c Fixes: XMkAe1I9uFro >From 2a150688cce392e65fea87371effb879ebd2a98a Mon Sep 17 00:00:00 2001 From: Anxious Koisi <[email protected]> Date: Sun, 28 Jun 2026 23:03:25 +0200 Subject: [PATCH] avcodec/apac: Check bitstream_size to avoid integer overflow Found-by: k00shi_ Fixes: OOM Fixes: poc.c Fixes: XMkAe1I9uFro --- libavcodec/apac.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/apac.c b/libavcodec/apac.c index 00e48e7635..ea3b93359d 100644 --- a/libavcodec/apac.c +++ b/libavcodec/apac.c @@ -140,6 +140,9 @@ static int apac_decode(AVCodecContext *avctx, AVFrame *frame, buf_size = pkt->size; input_buf_size = buf_size; + if ((int64_t)s->bitstream_size + buf_size > INT_MAX / (16 * 8)) + return AVERROR_INVALIDDATA; + if (s->bitstream_index > 0 && s->bitstream_size > 0) { memmove(s->bitstream, &s->bitstream[s->bitstream_index], s->bitstream_size); s->bitstream_index = 0; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
