This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.1 in repository ffmpeg.
commit e2c6836694470334dd0d7238223524fea4c47f7e Author: Michael Niedermayer <[email protected]> AuthorDate: Fri May 1 21:33:25 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun May 3 19:25:01 2026 +0200 avcodec/dfpwmdec: Check nb_samples Fixes: integer overflow Found-by: Dhiraj Mishra <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 118bddf0ce42cc0b6b70ca35860b02dc9b891e70) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/dfpwmdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/dfpwmdec.c b/libavcodec/dfpwmdec.c index 4ddb806561..6a7a23e39d 100644 --- a/libavcodec/dfpwmdec.c +++ b/libavcodec/dfpwmdec.c @@ -101,15 +101,16 @@ static int dfpwm_dec_frame(struct AVCodecContext *ctx, AVFrame *frame, { DFPWMState *state = ctx->priv_data; int ret; + uint64_t nb_samples = packet->size * 8LL / ctx->ch_layout.nb_channels; if (packet->size * 8LL % ctx->ch_layout.nb_channels) return AVERROR_PATCHWELCOME; - frame->nb_samples = packet->size * 8LL / ctx->ch_layout.nb_channels; - if (frame->nb_samples <= 0) { + if (nb_samples > INT_MAX || !nb_samples) { av_log(ctx, AV_LOG_ERROR, "invalid number of samples in packet\n"); return AVERROR_INVALIDDATA; } + frame->nb_samples = nb_samples; if ((ret = ff_get_buffer(ctx, frame, 0)) < 0) return ret; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
