On Thu, Sep 18, 2025 at 11:23:47PM -0000, michaelni via ffmpeg-devel wrote:
> PR #20550 opened by michaelni
> URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20550
> Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20550.patch
> 
> 
> >From 38d62a1a51a84e220b6dbeaefd961f170d2d5c72 Mon Sep 17 00:00:00 2001
> From: Michael Niedermayer <michael@niedermayer.cc>
> Date: Thu, 18 Sep 2025 17:32:46 +0200
> Subject: [PATCH 1/3] avcodec/exr: check ac_size
> 
> Fixes: out of array read
> Fixes: dwa_uncompress.py.crash.exr
> 
> The code will read from the ac data even if ac_size is 0, thus that case
> is not implemented and we ask for a sample and error out cleanly
> 
> Found-by: Google Big Sleep
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/exr.c | 5 +++++
>  1 file changed, 5 insertions(+)

This is still waiting for a review, ill manually apply soon if noone reviews it

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many that live deserve death. And some that die deserve life. Can you give
it to them? Then do not be too eager to deal out death in judgement. For
even the very wise cannot see all ends. -- Gandalf