PR #23629 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23629
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23629.patch

Found-by: k00shi_
Fixes: OOM
Fixes: poc.c
Fixes: XMkAe1I9uFro



>From 2a150688cce392e65fea87371effb879ebd2a98a Mon Sep 17 00:00:00 2001
From: Anxious Koisi <[email protected]>
Date: Sun, 28 Jun 2026 23:03:25 +0200
Subject: [PATCH] avcodec/apac: Check bitstream_size to avoid integer overflow

Found-by: k00shi_
Fixes: OOM
Fixes: poc.c
Fixes: XMkAe1I9uFro
---
 libavcodec/apac.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/apac.c b/libavcodec/apac.c
index 00e48e7635..ea3b93359d 100644
--- a/libavcodec/apac.c
+++ b/libavcodec/apac.c
@@ -140,6 +140,9 @@ static int apac_decode(AVCodecContext *avctx, AVFrame 
*frame,
     buf_size = pkt->size;
     input_buf_size = buf_size;
 
+    if ((int64_t)s->bitstream_size + buf_size > INT_MAX / (16 * 8))
+        return AVERROR_INVALIDDATA;
+
     if (s->bitstream_index > 0 && s->bitstream_size > 0) {
         memmove(s->bitstream, &s->bitstream[s->bitstream_index], 
s->bitstream_size);
         s->bitstream_index = 0;
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to