To: ffmpeg-devel@ffmpeg.org
Date: Mon, 05 Jan 2026 17:12:22 -0000
Message-ID: <176763314293.25.8417260284875775060@4457048688e7>
From: michaelni via ffmpeg-devel
Cc: michaelni
List-Id: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PR] avformat/img2dec: Check avio_size() for failure (PR #21384)

PR #21384 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21384
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21384.patch

More complete fix for #YWH-PGM40646-32

Signed-off-by: Michael Niedermayer

>>From 1c214abfd52ac09cb5cb71de70e6475bb7f80747 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 5 Jan 2026 18:07:49 +0100
Subject: [PATCH] avformat/img2dec: Check avio_size() for failure

More complete fix for #YWH-PGM40646-32

Signed-off-by: Michael Niedermayer
---
 libavformat/img2dec.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c index 586634c0c3..523015e4c6 100644 --- a/libavformat/img2dec.c +++ b/libavformat/img2dec.c @@ -367,7 +367,6 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt) int i, res; int ret[3] = { 0 }; int64_t size[3] = { 0 }; - int64_t total_size; AVIOContext *f[3] = { NULL }; AVCodecParameters *par = s1->streams[0]->codecpar; 
@@ -458,15 +457,15 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt) } } - total_size = size[0]; - if (total_size > INT64_MAX - size[1]) - return AVERROR_INVALIDDATA; - total_size += size[1]; - if (total_size > INT64_MAX - size[2]) - return AVERROR_INVALIDDATA; - total_size += size[2]; - if (total_size > INT_MAX) - return AVERROR_INVALIDDATA; + int64_t total_size = 0; + for(int i = 0; i < 3; i++) { + if (size[i] < 0) + return size[i]; + if (total_size > INT64_MAX - size[i]) + return AVERROR_INVALIDDATA; + + total_size += size[i]; + } res = av_new_packet(pkt, total_size); if (res < 0) { -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
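Review bot: the rewritten summation in the second hunk drops the old `if (total_size > INT_MAX) return AVERROR_INVALIDDATA;` bound, so the int64_t total_size now reaches `av_new_packet(pkt, total_size)` limited only by the INT64_MAX overflow test. av_new_packet() declares its size parameter as int, so a sum above INT_MAX would be narrowed at the call; please keep the INT_MAX check after the loop, or fold it into the loop as `total_size > INT_MAX - size[i]`. Two smaller points in the same hunk: `for(int i = 0; ...)` shadows the `int i, res;` declared at the top of ff_img_read_packet() (visible in the first hunk's context), so reusing the existing i would be cleaner, and `return size[i];` passes an int64_t out of an int-returning function, which deserves an explicit cast or a short comment that a negative size[i] is an error code from avio_size().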