The flexible array member struct can have padding added by
the compiler which was not taken into account properly, which
could lead to a heap buffer overflow.
---
libavutil/vulkan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavutil/vulkan.c b/libavutil/vulkan.c
index cd617496dcb..b9aee7cf902 100644
--- a/libavutil/vulkan.c
+++ b/libavutil/vulkan.c
@@ -644,11 +644,11 @@ int ff_vk_exec_add_dep_bool_sem(FFVulkanContext *s,
FFVkExecContext *e,
}
return 0;
}
- buf_size = sizeof(int) + sizeof(VkSemaphore)*nb;
+ buf_size = sizeof(*ts) + sizeof(VkSemaphore)*nb;
ts = av_mallocz(buf_size);
if (!ts) {
err = AVERROR(ENOMEM);
goto fail;
}
base-commit: f456522e32ec2577745d4669dc333be298d85907
--
2.46.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
