[FFmpeg-devel] [PATCH] avformat/icodec: fix integer overflow with nb_pal

Kacper Michajlow kasper93 at gmail.com
Thu Nov 21 16:39:05 EET 2024


On Sun, 3 Nov 2024 at 11:24, Michael Niedermayer <michael at niedermayer.cc> wrote:
>
> Fixes: runtime error: signed integer overflow
> Fixes: 42536949/clusterfuzz-testcase-minimized-fuzzer_loadfile-6199846684393472
> Found-by: ossfuzz
> Reported-by: Kacper Michajlow
> Tested-by: Kacper Michajlow
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/icodec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/icodec.c b/libavformat/icodec.c
> index afd0c71b1f9..b09d0060a65 100644
> --- a/libavformat/icodec.c
> +++ b/libavformat/icodec.c
> @@ -198,7 +198,7 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
>              AV_WL32(buf + 32, image->nb_pal);
>          }
>
> -        if (image->nb_pal > INT_MAX / 4 - 14 - 40)
> +        if (image->nb_pal > INT_MAX / 4 - 14 - 40U)
>              return AVERROR_INVALIDDATA;
>
>          AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4);
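
Review bot: The `40U` suffix on the changed `if` line makes the comparison unsigned only through implicit conversion, and neither the code nor the commit message says that this is the point of the change. If `image->nb_pal` is a signed type (its declaration is not in this hunk), a negative value is now rejected because it converts to a large unsigned number, which is presumably what keeps `14 + 40 + image->nb_pal * 4` on the following context line from overflowing; a later cleanup could drop the `U` as cosmetic and reopen the issue. Consider spelling the intent out, for example `if (image->nb_pal < 0 || image->nb_pal > INT_MAX / 4 - 14 - 40)`, or add a one-line comment explaining why the constant is unsigned.
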
> --
> 2.47.0
>

Any news about this patch?

- Kacper

