From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 572084D1BE
	for <ffmpegdev@gitmailbox.com>; Wed, 12 Nov 2025 17:49:22 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'n7A2+AgSRygWRJddJeHIMsrwf6fRMtbqmx14SEHv/dA=', expected 
   b'LddQXGkOy1qoaJtWhY/pkstk/5aO9oRGxGdcvtu+Jnw=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1762969753; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=n7A2+AgSRygWRJddJeHIMsrwf6fRMtbqmx14SEHv/dA=;
 b=y+8Hd8AB3yylV5XcKKnpDK/a2/Fg+dsFN/1/WC8pT0e8dKgx1MOlu1ZFv4w0Wi26E94+/
 viaxyg3u2rMIoNZVLBTLRMpMdUXTCbFKRyOS64RZEeRr23+7clDt3U6G2Ls6WAgpTyuVJXO
 AQORUmVPd1VDOQ11UvxT9To/imZ4cCIVgitsKYbi4E6ZEuSCQ5kUjbFcA1Lzw2gFtXhopob
 rVJmuIqJXo1dBPaPvKRPCioZy95y/r2Ju3MdCfxM2e1Pfrxx/diiLjGzY4dgTrJ5bHbhbjz
 NCG5U891GWzeMhbfqzH43ly48k9wsl9u3JGBaa70DlPKt413fkQoDru12U/Q==
Received: from [172.19.0.2] (unknown [172.19.0.2])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 9211968FDCB;
	Wed, 12 Nov 2025 19:49:13 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1762969737;
 b=A46KtVUsLgEEiHglOptuHKeuVcymuIYKRnslNxGw3T/i17kbeBQhO/ESjATbJEBkLQd/s
 DdfXlwUomwrIvb2q6+mpBYpdLcFbLB3ZYjJIHy+zlJirfwOYpE3WOlNqy7yG3Hod6ac/jga
 hXY8pdPeWkK/jAf4wo6StMS7UhW/HzNzwQIsCzcbeGRjCBk1R8vEog8VoXjzNtinkNBj3qr
 oNvNQZZ96jGDvRCG26GQnJe4N6WaQ2lpCDIjwmDu+XbfVrx7Lra8+yHxQvFlKvA1w3i0xVQ
 3ulYwPv8ZRQCrRuk6LmG+xYk75itJPUN5i59zqBWDEKqscSdiyRkmHTaq/Pg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1762969737; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=z4guP0fE/maP39jBpMCHpLWqznjNRorh/eorEoZLFPo=;
 b=WAhOh0TJrmI4Sa2QIOUqDhB3S3++KIQxoH1N6iPVyYoWxmJxzaejaGtJZ6WIpGg9W02ak
 fdPxACSjh5Y90R9mEPfIy0HNUE6hhFFzSOAsitecwSCDiQUiVMRxKtUqKS+nf0v8eFqiyCF
 uwyqlucVihnaz2Am1hjYxEpZpqmcVTtp0trQwk0FmOeQpnkDehsPNrAgPKpkrs9q/u5L8qs
 fSO1207rNcn2d8WUrQvXE57ZBiBkxik/FqLx1T65bI/idP1iDyNP0wYAdC/WvbI5m+m5VYQ
 5NYFS7rcZFiS8TBCtK4iiISp0vPeb4hS375uLXlCmlt1wEQPaC3oPr+uTABQ==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1762969730; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=LddQXGkOy1qoaJtWhY/pkstk/5aO9oRGxGdcvtu+Jnw=;
 b=t8vFWsNSLyNsiIWzaTj9BbamVUVv8daRPZ/s4P+dPZIiA7LAcQJvZZb0izdxcyXTS13JZ
 FTDIfgWIr3hxvbtiaayZ1knSUfYzw9cL8yx+1aBRtFTfdhK1BMVVLNQjMjWhi+DIh66Ee9O
 eahQLxfOY7vyETlV1IoN1BpKPax1jw7rhdXzx0ZX9syHtFx2RHWdbwVeB7gundrVZOP1tiz
 ou7cX3r82x1Vcze2eRG8wPIY7CZ80StdKzgZV9Sj/096if7r2z4XNIHLIZJevaoQ7w+Xlx6
 f9E4HV+loWSrY84J8GSWmql1DCP2LRxHag3soawT5HcXIWCXtBTKJvKathsA==
Received: from 188d6d40ca7a (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 033AB68FCF9
	for <ffmpeg-devel@ffmpeg.org>; Wed, 12 Nov 2025 19:48:49 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 12 Nov 2025 17:48:49 -0000
Message-ID: <176296973017.25.8332553935218562573@2cb04c0e5124>
Message-ID-Hash: ONTFWFFLHAPDWHDWM2GCBIEQ7SELIDMC
X-Message-ID-Hash: ONTFWFFLHAPDWHDWM2GCBIEQ7SELIDMC
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] Fix flacdec int overflow with a saturated add (PR
 #20900)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/ONTFWFFLHAPDWHDWM2GCBIEQ7SELIDMC/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/176296973017.25.8332553935218562573@2cb04c0e5124/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: usepgp via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: usepgp <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/176296973017.25.8332553935218562573@2cb04c0e5124/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #20900 opened by usepgp
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20900
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20900.patch

A chromium fuzzer identified this potential UB int overflow.


>>From d55c6e8a2c49319eb779ec795fdd657cbc524fc7 Mon Sep 17 00:00:00 2001
From: Ted Meyer <tmathmeyer@chromium.org>
Date: Wed, 15 Oct 2025 14:00:18 -0700
Subject: [PATCH] Fix flacdec int overflow with a saturated add

A chromium fuzzer identified this.
---
 libavformat/flacdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/flacdec.c b/libavformat/flacdec.c
index e80b49307d..219bc4e416 100644
--- a/libavformat/flacdec.c
+++ b/libavformat/flacdec.c
@@ -47,7 +47,7 @@ static void reset_index_position(int64_t metadata_head_size, AVStream *st)
     FFStream *const sti = ffstream(st);
     /* the real seek index offset should be the size of metadata blocks with the offset in the frame blocks */
     for (int i = 0; i < sti->nb_index_entries; i++)
-        sti->index_entries[i].pos += metadata_head_size;
+        sti->index_entries[i].pos = av_sat_add64(sti->index_entries[i].pos, metadata_head_size);
 }
 
 static const uint16_t sr_table[16] = {
-- 
2.49.1

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org