> Check the return value of av_image_get_buffer_size() before adding
> HEADER_SIZE to it. There will be a signed overflow (UB) for images of
> size 16385x16385 (and many others).

Sorry, I missed the multiplication by h+128 in av_image_check_size2(). So this isn't a problem in this specific case.

> Aside: av_image_get_buffer_size() will UB for sizes above INT_MAX
> because the size_t's in sizes[] get accumulated into an int. Besides
> the UB it also returns incorrect values.

This however *is* a problem for planar formats. This doesn't affect this patch however.

/Tomass
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
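The two checks discussed in this message, sketched as an added example that is not part of the thread or of FFmpeg's code: accumulating size_t plane sizes into an int without overflowing, and validating a buffer size before a header is added to it. The function names, `EXAMPLE_HEADER_SIZE` and the plane dimensions are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed value; the real HEADER_SIZE is not shown in the thread. */
#define EXAMPLE_HEADER_SIZE 128

/* Sum per-plane byte counts into an int without ever overflowing.
 * Returns 0 and stores the total in *out, or -1 if it exceeds INT_MAX. */
static int sum_plane_sizes(const size_t sizes[4], int *out)
{
    size_t total = 0;
    for (int i = 0; i < 4; i++) {
        /* Compare against the remaining headroom instead of adding first. */
        if (sizes[i] > (size_t)INT_MAX - total)
            return -1;
        total += sizes[i];
    }
    *out = (int)total;
    return 0;
}

/* Add a fixed header to a buffer size that may be a negative error code.
 * Returns the packet size, the unchanged negative error, or -1 on overflow. */
static int packet_size(int buf_size, int header_size)
{
    if (buf_size < 0)
        return buf_size;
    if (header_size < 0 || buf_size > INT_MAX - header_size)
        return -1;
    return buf_size + header_size;
}

int main(void)
{
    /* Constructed input: three 30000x30000 planes at one byte per sample.
     * Each plane fits in an int, but their sum does not. */
    const size_t planes[4] = { 900000000u, 900000000u, 900000000u, 0 };
    int total;

    if (sum_plane_sizes(planes, &total) < 0)
        puts("plane sizes exceed INT_MAX, rejected");
    printf("%d\n", packet_size(INT_MAX - 100, EXAMPLE_HEADER_SIZE));
    return 0;
}
```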