ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinha...@outlook.com> | Wed Apr 16 10:23:01 2025 +0200| [3acc3b0b50402bc2125a22e1fc2c86a2b917fd51] | committer: Andreas Rheinhardt
avcodec/dvbsubenc: Sanity check num_rects It is written as region_id which is a single byte. Also fixes a potential (defined) overflow in the num_rects * 6 multiplication later; this has been found by 김승호 <kimsh...@naver.com>. Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3acc3b0b50402bc2125a22e1fc2c86a2b917fd51 --- libavcodec/dvbsubenc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/dvbsubenc.c b/libavcodec/dvbsubenc.c index 822e3a5309..4844c3deb5 100644 --- a/libavcodec/dvbsubenc.c +++ b/libavcodec/dvbsubenc.c @@ -284,6 +284,9 @@ static int dvbsub_encode(AVCodecContext *avctx, uint8_t *outbuf, int buf_size, if (h->num_rects && !h->rects) return AVERROR(EINVAL); + if (h->num_rects >= 256) + return AVERROR(EINVAL); + if (avctx->width > 0 && avctx->height > 0) { if (buf_size < 11) return AVERROR_BUFFER_TOO_SMALL; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
