[FFmpeg-devel] [PATCH 2/7] avcodec/hevc/hevcdec: Check num_entry_point_offsets
Michael Niedermayer
michael at niedermayer.cc
Fri May 30 02:48:56 EEST 2025
On Thu, May 08, 2025 at 11:57:33PM +0200, Michael Niedermayer wrote:
> The code uses int, unsigned int and uint16_t to store num_entry_point_offsets.
> This limits it to the smallest of the 3.
> Alternatively uint16_t can be changed and then a larger limit used.
> A check will still be needed.
>
> Fixes: 391974932/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5966648879677440
> Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/hevc/hevcdec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
will apply
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If one takes all money from those who grow wealth and gives it to those who
do not grow wealth, 10 years later, almost the same people who were wealthy
will be wealthy again, the same people who were poor will be poor again.