[FFmpeg-cvslog] avcodec/hashtable: Check for overflow

Andreas Rheinhardt git at videolan.org
Wed Jun 4 16:40:59 EEST 2025


ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at outlook.com> | Tue Jun  3 22:35:03 2025 +0200| [2e45d2f7d38acb1c37042d994f15e4c66da601fe] | committer: Andreas Rheinhardt

avcodec/hashtable: Check for overflow

Reviewed-by: Emma Worley <emma at emma.gg>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e45d2f7d38acb1c37042d994f15e4c66da601fe
---

 libavcodec/hashtable.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavcodec/hashtable.c b/libavcodec/hashtable.c
index fa79330603..ec8eca471f 100644
--- a/libavcodec/hashtable.c
+++ b/libavcodec/hashtable.c
@@ -56,12 +56,18 @@ struct FFHashtableContext {
 
 int ff_hashtable_alloc(struct FFHashtableContext **ctx, size_t key_size, size_t val_size, size_t max_entries)
 {
+    const size_t keyval_size = key_size + val_size;
+
+    if (keyval_size < key_size || // did (unsigned,defined) wraparound happen?
+        keyval_size > SIZE_MAX - sizeof(size_t) - (ALIGN - 1))
+        return AVERROR(ERANGE);
+
     FFHashtableContext *res = av_mallocz(sizeof(*res));
     if (!res)
         return AVERROR(ENOMEM);
     res->key_size = key_size;
     res->val_size = val_size;
-    res->entry_size = FFALIGN(sizeof(size_t) + key_size + val_size, ALIGN);
+    res->entry_size = FFALIGN(sizeof(size_t) + keyval_size, ALIGN);
     res->max_entries = max_entries;
     res->nb_entries = 0;
     res->crc = av_crc_get_table(AV_CRC_32_IEEE);



More information about the ffmpeg-cvslog mailing list