From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 2A9764E4AF for ; Fri, 23 Jan 2026 16:54:44 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'JBM7gi3I+KURY2ljD+NbN+/P7U0f7WLQ1fV5PYDixxw=', expected b'PNm0j4ZMqgzsBkI+a8nLpVdUTIjS566qj+VLqvEX+hg=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1769187279; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=JBM7gi3I+KURY2ljD+NbN+/P7U0f7WLQ1fV5PYDixxw=; b=GlZUhNwlT9sW8ggz4GwNhr+VC4b6abXuKq1gtIJviGwga9LQUOAzSlKpjRv7UhoW+sCET Fe2CgkoXMBxWotQ/bhCSbMLhCmJk0f/LauYBp7j1DLMGbzC0RfsEyCYcp28ivkbFtNCtHPF 7FFp4G3kGd1ELxkCWj/eEszotT3R7GkyAQOAhL5q2ySTXZYvV+ZH8u2OAbbjujSUyeiOVyf Vjwuwxac/dmWI8a9AgNsUVNskv6X7o2T7dzSMWTOTKAsoin5JIqMhTkOZcj1gustdhs69MY UCyNan+pZRSm/BXILUfjcGssoZ4YBAB5lXSqNqBmvtgovd0prF2t+zVMU81w== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 9681D691692; Fri, 23 Jan 2026 18:54:39 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1769187262; b=UNYcgQD/2CikueK7dOpu71Z3gDZylbQsyzls7GtSOJf88yVXneAW6rs07thZppw1Q4TTi Z9tKqfQn3WXb0sCw+QVDrljOJM4SPRiNZTYy2bZSNYqQ7MwQN9j39rPbOys+2h7JTV5kwnK AZTwiUVU4hH7q82TCyxeI++GbEcRjR1sKyO0/wIiILeyAkfOEIMxdfw/c7r7PazJz8dOGzW zL2ApIYIMJiM/xijU41p0W+4aHJKjh3+vcnDAer4sHQxKAfbfFf/hrqsCHhw72vEamz2Thq Z4qg7cELXykAhtwHuHNk1oi5gY8U5wAmwpZN1TZuNb+5tcd+WRZ/AMJHbAug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1769187262; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=eZJc2LLu4JEByxLhVwcll8feRTAWbt+nqVzesbJLrck=; b=tVz1GNMRkRrH67PWtTRwWcA4bKvhPy6ir0WNNi+4g/qddZ8kcrproVbQi01jl8tLhDgif HqSzBGW8kAdVHtBn+htzVnr1X+kLoPrJ7qD7xsrq6VWJbOzqhcKLCCDByC/GkPt5L8wUA+I zE3Yw7j6RgCxu48nZPLSls++/l1eWjv33R81Wqx+OjfzDXbe7S41GaRF6hTM+BcV7vyzvC2 vKcOpyGlgwXaDbR4z4ZpdC7G03OHH4hUubGRWEFXpAIo5Ua26Js0ODf5MRJ77FOOzR1ZdvO OwHQzWOBoA/RCK41DBIjSGlSZ4jNzBryKP4jvcClM/yLRzA9tP9kYmCCwAiQ== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1769187254; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=PNm0j4ZMqgzsBkI+a8nLpVdUTIjS566qj+VLqvEX+hg=; b=FhGEyzb1EJE8MF3idf+HJDpMv/xjQOWAi2QvA18dWDBTlaBZSEzLALVTLji2fa4ATQ72V kea6qOwdJ0g9/BhWYolUMYAsNFZf0YwEKzsTap96PUo4lHnBpKGXQaj7Lv8Bxoyl1lwZbgC a6srNPQWes3klp3jZ3/O4jsbwLhbYTaLCjWAruqrC1p1FSU/EIdZX7goY5A+EG2/4s/sD8L hQnsFe7dQ++FJ/7W5SEZC7weXZN1c5aV0aPxRdN98qLZLPukElynq6sH/bkWvML4X0sFD5t pJSJDvsoQ5jr+Q2xnc6gohAI4IrLijL9YHuvCYNqdwnt98vnz0+jhwrZ156w== Received: from 69dab402ede7 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 25AF56915DB for ; Fri, 23 Jan 2026 18:54:14 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Fri, 23 Jan 2026 16:54:13 -0000 Message-ID: <176918725426.25.8878697778924755859@4457048688e7> Message-ID-Hash: 42AEZFHQWFTXB4AMCXFJJLBVAUHP5FJL X-Message-ID-Hash: 42AEZFHQWFTXB4AMCXFJJLBVAUHP5FJL X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PR] avformat/mpegts: Check IOD_DESCRIPTOR len (PR #21562) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: michaelni via ffmpeg-devel Cc: michaelni Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21562 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562.patch Fixes: out of array read Fixes: VULN-7/poc.ts Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer >>From d12cf5c7252a73c296f59eda09d853ebd5ee958b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 23 Jan 2026 15:48:15 +0100 Subject: [PATCH] avformat/mpegts: Check IOD_DESCRIPTOR len Fixes: out of array read Fixes: VULN-7/poc.ts Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer --- libavformat/mpegts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 7c19abaf76..dc8a0bd0a8 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -2524,7 +2524,7 @@ static void pmt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len // something else is broken, exit the program_descriptors_loop break; program_info_length -= len; - if (tag == IOD_DESCRIPTOR) { + if (tag == IOD_DESCRIPTOR && len >= 2) { get8(&p, p_end); // scope get8(&p, p_end); // label len -= 2; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org