On Wed, Apr 16, 2025 at 11:17:30AM +0200, Andreas Rheinhardt wrote: > Patches attached. > > - Andreas
> dvbsubenc.c | 3 +++ > 1 file changed, 3 insertions(+) > 27ce315dbaee02f8c92c12f8c9cd0c8c7edc54fb > 0001-avcodec-dvbsubenc-Sanity-check-num_rects.patch > From b3a4381000d13ac344114dd5f0230c9eae7b32aa Mon Sep 17 00:00:00 2001 > From: Andreas Rheinhardt <andreas.rheinha...@outlook.com> > Date: Wed, 16 Apr 2025 10:23:01 +0200 > Subject: [PATCH 1/2] avcodec/dvbsubenc: Sanity check num_rects > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > It is written as region_id which is a single byte. > Also fixes a potential (defined) overflow in the num_rects * 6 > multiplication later; this has been found by 김승호 <kimsh...@naver.com>. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com> > --- > libavcodec/dvbsubenc.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/dvbsubenc.c b/libavcodec/dvbsubenc.c > index 822e3a5309..8eeac76855 100644 > --- a/libavcodec/dvbsubenc.c > +++ b/libavcodec/dvbsubenc.c > @@ -284,6 +284,9 @@ static int dvbsub_encode(AVCodecContext *avctx, uint8_t > *outbuf, int buf_size, > if (h->num_rects && !h->rects) > return AVERROR(EINVAL); > > + if (h->num_rects >= 256) > + return AVERROR_INVALIDDATA; should this not be AVERROR(EINVAL); ? thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I do not agree with what you have to say, but I'll defend to the death your right to say it. -- Voltaire
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
