This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit 83ebed243b1cee7a858a81e05fc0f153d6df10a0 Author: Michael Niedermayer <[email protected]> AuthorDate: Tue Feb 10 20:13:07 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun May 3 19:57:02 2026 +0200 avcodec/pdvdec: Check input space before buffer allocation this rejects packets whose claimed decompressed frame would require a deflate ratio beyond the format's theoretical 1032:1 limit Fixes: Timeout Fixes: 474457186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PDV_fuzzer-5366108782919680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit b801f1fe6d6c9b20d7010367c92860584f83d7f5) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/pdvdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/pdvdec.c b/libavcodec/pdvdec.c index e2c03e7e0d..dae9f63cc5 100644 --- a/libavcodec/pdvdec.c +++ b/libavcodec/pdvdec.c @@ -75,6 +75,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame, return AVERROR_INVALIDDATA; } + if (avpkt->size * 1032LL < ((avctx->width + 7) >> 3) * avctx->height) //Asymptotic max compression of deflate + return AVERROR_INVALIDDATA; + if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
