charles via ffmpeg-devel (HE12025-12-23): > >From 48205aaee52aa6f34d45829a93a14b5c63141b59 Mon Sep 17 00:00:00 2001 > From: Jiasheng Jiang <[email protected]> > Date: Wed, 6 Aug 2025 16:39:47 +0000 > Subject: [PATCH 9/9] libavfilter/af_firequalizer: Add check for > av_malloc_array() > > Add check for the return value of av_malloc_array() to avoid potential NULL > pointer dereference. > > Fixes: CVE-2025-10256 > > Fixes: d3be186ed1 ("avfilter/firequalizer: add dumpfile and dumpscale option") > Signed-off-by: Jiasheng Jiang <[email protected]> > Signed-off-by: Michael Niedermayer <[email protected]> > (cherry picked from commit a25462482c02c004d685a8fcf2fa63955aaa0931) > Signed-off-by: Michael Niedermayer <[email protected]> > (cherry picked from commit 00b5af29a4203a31574c11b3df892d78d5d862ec) > Signed-off-by: Carlos Henrique Lima Melara <[email protected]> > --- > libavfilter/af_firequalizer.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavfilter/af_firequalizer.c b/libavfilter/af_firequalizer.c > index f4513a1c46..748172945a 100644 > --- a/libavfilter/af_firequalizer.c > +++ b/libavfilter/af_firequalizer.c > @@ -822,6 +822,8 @@ static int config_input(AVFilterLink *inlink) > if (s->dumpfile) { > s->analysis_rdft = av_rdft_init(rdft_bits, DFT_R2C); > s->dump_buf = av_malloc_array(s->analysis_rdft_len, > sizeof(*s->dump_buf)); > + if (!s->dump_buf) > + return AVERROR(ENOMEM); > } > > s->analysis_buf = av_malloc_array(s->analysis_rdft_len, > sizeof(*s->analysis_buf));
This patch seems based on a very outdated version of the code. This issue was fixed months ago. Regards, -- Nicolas George _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
