ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinha...@outlook.com> | Tue Jun 3 22:35:03 2025 +0200| [2e45d2f7d38acb1c37042d994f15e4c66da601fe] | committer: Andreas Rheinhardt
avcodec/hashtable: Check for overflow Reviewed-by: Emma Worley <e...@emma.gg> Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e45d2f7d38acb1c37042d994f15e4c66da601fe --- libavcodec/hashtable.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/hashtable.c b/libavcodec/hashtable.c index fa79330603..ec8eca471f 100644 --- a/libavcodec/hashtable.c +++ b/libavcodec/hashtable.c @@ -56,12 +56,18 @@ struct FFHashtableContext { int ff_hashtable_alloc(struct FFHashtableContext **ctx, size_t key_size, size_t val_size, size_t max_entries) { + const size_t keyval_size = key_size + val_size; + + if (keyval_size < key_size || // did (unsigned,defined) wraparound happen? + keyval_size > SIZE_MAX - sizeof(size_t) - (ALIGN - 1)) + return AVERROR(ERANGE); + FFHashtableContext *res = av_mallocz(sizeof(*res)); if (!res) return AVERROR(ENOMEM); res->key_size = key_size; res->val_size = val_size; - res->entry_size = FFALIGN(sizeof(size_t) + key_size + val_size, ALIGN); + res->entry_size = FFALIGN(sizeof(size_t) + keyval_size, ALIGN); res->max_entries = max_entries; res->nb_entries = 0; res->crc = av_crc_get_table(AV_CRC_32_IEEE); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
