This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.1 in repository ffmpeg.
commit 61ffafe95b422ff7bee0fe6dddc3400eec65c014 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed May 20 01:35:17 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 04:40:53 2026 +0200 avformat/hls: Check url_offset and size Fixes: integer overflow Found-by: jiale yao Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit c2047918e627dd0e2e83df8faf6f1e9c69e68514) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/hls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/hls.c b/libavformat/hls.c index 28c883097a..480b594a0b 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -452,6 +452,11 @@ static struct segment *new_init_section(struct playlist *pls, ptr = strchr(info->byterange, '@'); if (ptr) sec->url_offset = strtoll(ptr+1, NULL, 10); + if (sec->size < 0 || sec->url_offset < 0 || sec->size > INT64_MAX - sec->url_offset) { + av_freep(&sec->url); + av_free(sec); + return NULL; + } } else { /* the entire file is the init section */ sec->size = -1; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
