This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit 8e9e227c676d8194161c61b961d77b391e016bb8 Author: Michael Niedermayer <[email protected]> AuthorDate: Thu Mar 12 23:25:17 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun May 3 19:57:05 2026 +0200 avformat/matroskadec: Check audio.sub_packet_h * audio.frame_size Fixes: out of array access Fixes: poc_matroska.mkv This issue requires manually increasing the malloc limit (-max_alloc 4294967296) Found-by: Guanni Qu <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit f47ca0a5e6afe9ed3dbd8080220f741983fecb20) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/matroskadec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index d31e70d900..b73a82e26f 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2783,6 +2783,10 @@ static int mka_parse_audio_codec(MatroskaTrack *track, AVCodecParameters *par, par->block_align = track->audio.sub_packet_size; *extradata_offset = 78; } + if (par->block_align <= 0 || + track->audio.sub_packet_h * (unsigned)track->audio.frame_size > INT_MAX || + track->audio.frame_size * track->audio.sub_packet_h < par->block_align) + return AVERROR_INVALIDDATA; track->audio.buf = av_malloc_array(track->audio.sub_packet_h, track->audio.frame_size); if (!track->audio.buf) _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
