To: ffmpeg-devel@ffmpeg.org
Date: Fri, 06 Feb 2026 21:43:48 -0000
Message-ID: <177041422919.25.17459853676449338780@4457048688e7>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PR] avcodec/mdec: Check input space vs minimal block size (PR #21667)
List-Id: FFmpeg development discussions and patches
From: michaelni via ffmpeg-devel
Cc: michaelni

PR #21667 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21667
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21667.patch

Fixes: Timeout
Fixes: 481006706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MDEC_fuzzer-6122832651419648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer


From b99718982527bcb6735882e662d2e902fd431797 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 6 Feb 2026 22:37:53 +0100
Subject: [PATCH] avcodec/mdec: Check input space vs minimal block size

Fixes: Timeout
Fixes: 481006706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MDEC_fuzzer-6122832651419648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/mdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/mdec.c b/libavcodec/mdec.c
index c8865d7c63..580e4fd5a7 100644
--- a/libavcodec/mdec.c
+++ b/libavcodec/mdec.c @@ -174,6 +174,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame, int buf_size = avpkt->size; int ret; + if (a->mb_width * a->mb_height * 3 >buf_size) + return AVERROR_INVALIDDATA; + if ((ret = ff_thread_get_buffer(avctx, frame, 0)) < 0) return ret; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
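
Review bot: The literal 3 in the new condition `a->mb_width * a->mb_height * 3 >buf_size` in decode_frame() is undocumented. The subject line calls it the minimal block size, but neither the commit message nor the code says how that minimum is derived, so a one-line comment or a named constant would let a later reader verify the bound. The product is also evaluated in full before it is compared with the int buf_size, and the hunk does not show the types of mb_width and mb_height; if they are plain int, it is worth confirming that the dimension limits keep the product from overflowing, or widening the multiplication to int64_t. Minor style point: add a space after `>`. Placing the check ahead of ff_thread_get_buffer() is right, since an undersized packet is then rejected before a frame buffer is requested.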