From mboxrd@z Thu Jan 1 00:00:00 1970
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 10 Feb 2026 03:19:34 -0000
Message-ID: <177069357459.25.10057786069471844589@4457048688e7>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PR] avcodec/flashsv: Check for input space before (re)allocating frame (PR #21706)
From: michaelni via ffmpeg-devel
Cc: michaelni
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

PR #21706 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21706
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21706.patch

Fixes: Timeout
Fixes: 471605680/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV2_DEC_fuzzer-6210773459468288
Fixes: 471605920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV_DEC_fuzzer-6230719287590912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer

>>From 164e3ff9ef9cd8f550c0972d62822a055632897e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer Date: Tue, 10 Feb 2026 02:37:58 +0100 Subject: [PATCH] avcodec/flashsv: Check for input space before (re)allocating frame Fixes: Timeout Fixes: 471605680/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV2_DEC_fuzzer-6210773459468288 Fixes: 471605920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV_DEC_fuzzer-6230719287590912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/flashsv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index d27918c923..ba5c995006 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -314,6 +314,9 @@ static int flashsv_decode_frame(AVCodecContext *avctx, AVFrame *rframe, v_blocks = s->image_height / s->block_height; v_part = s->image_height % s->block_height; + if (h_blocks * v_blocks * 16 > get_bits_left(&gb)) + return AVERROR_INVALIDDATA; + /* the block size could change between frames, make sure the buffer * is large enough, if not, get a larger one */ if (s->block_size < s->block_width * s->block_height) { -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
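
Review bot: In the check added to flashsv_decode_frame(), the multiplier 16 in `h_blocks * v_blocks * 16 > get_bits_left(&gb)` is unexplained, and the count covers only whole blocks even though `v_part` is computed on the line just above. A one-line comment stating what the 16 bits per block represent would make the bound auditable. If partial blocks also consume input, counting them (for example `v_blocks + !!v_part` rows, and likewise for any horizontal remainder) would reject truncated input earlier. The hunk also does not show the type or range of `h_blocks` and `v_blocks`; if they are plain int and the frame dimensions are not bounded before this point, evaluating the product in a 64-bit type would keep the comparison from wrapping.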