The struct with the flexible array member can have padding added by
the compiler, which the size calculation did not take into account;
this could lead to a heap buffer overflow.
---
 libavutil/vulkan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavutil/vulkan.c b/libavutil/vulkan.c
index cd617496dcb..b9aee7cf902 100644
--- a/libavutil/vulkan.c
+++ b/libavutil/vulkan.c
@@ -644,11 +644,11 @@ int ff_vk_exec_add_dep_bool_sem(FFVulkanContext *s, 
FFVkExecContext *e,
         }
 
         return 0;
     }
 
-    buf_size = sizeof(int) + sizeof(VkSemaphore)*nb;
+    buf_size = sizeof(*ts) + sizeof(VkSemaphore)*nb;
     ts = av_mallocz(buf_size);
     if (!ts) {
         err = AVERROR(ENOMEM);
         goto fail;
     }
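Review bot: The new size expression `sizeof(*ts) + sizeof(VkSemaphore)*nb` is still unchecked arithmetic, so the allocation is only as safe as the bounds on `nb`, whose type and range are not visible in this hunk. If `nb` can reach this point without an upper bound, or is signed and could be negative, the sum can wrap in size_t and `av_mallocz` would return a buffer smaller than the code that fills it presumably expects. A guard before the assignment, such as `if ((size_t)nb > (SIZE_MAX - sizeof(*ts)) / sizeof(VkSemaphore)) { err = AVERROR(EINVAL); goto fail; }`, would rule that out. A short comment such as `/* sizeof(*ts) covers the header plus any padding before the flexible array member */` would also keep the expression from being simplified back to the field size later. The body of ff_vk_exec_add_dep_bool_sem starts and ends outside the hunk, so existing validation of `nb` earlier in the function cannot be confirmed from here.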

base-commit: f456522e32ec2577745d4669dc333be298d85907
-- 
2.46.2