On 09/10/2024 02:12, Marvin Scholz wrote:
The flexible array member struct can have padding added by the compiler which was not taken into account properly, which could lead to a heap buffer overflow. --- libavutil/vulkan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)diff --git a/libavutil/vulkan.c b/libavutil/vulkan.c index cd617496dcb..b9aee7cf902 100644 --- a/libavutil/vulkan.c +++ b/libavutil/vulkan.c @@ -644,11 +644,11 @@ int ff_vk_exec_add_dep_bool_sem(FFVulkanContext *s, FFVkExecContext *e, }return 0;}- buf_size = sizeof(int) + sizeof(VkSemaphore)*nb;+ buf_size = sizeof(*ts) + sizeof(VkSemaphore)*nb; ts = av_mallocz(buf_size); if (!ts) { err = AVERROR(ENOMEM); goto fail; } base-commit: f456522e32ec2577745d4669dc333be298d85907
Thanks, pushed, along with another similar fix.
OpenPGP_0xA2FEA5F03F034464.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
