From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 903304E9F8
	for <ffmpegdev@gitmailbox.com>; Wed, 11 Feb 2026 00:02:26 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'ovFIrmgE2Ff8EyRV8aiJrAquXUy1SxFz1XocyTGJFAQ=', expected 
   b'TkG1O7GFspsWcnOeXDzh6Vcj7uGu6vKb3u1UciVDETk=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770768121; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=ovFIrmgE2Ff8EyRV8aiJrAquXUy1SxFz1XocyTGJFAQ=;
 b=hbNwi2g3ljHBRIHHH+F6XyKzPwEqnBCfTMRJUQxkLiMcxRKZCtBaflWzh8Y2IJ6rtWXvh
 0EDrFe8xrE3eYw9PIUjbAMwR4hXofzi7hOXo4SkqOqt925Acs7th2qoh+iFgZqpEH9Gyaor
 efX1/DU9Q9t2IXdeyXm0qzlvEmKmRoplFH3jOU0V9RhtlquUpo4QbNCvWGTgPECcnVgS34M
 LL83KT3wQJt118X+qiNk6bYmxOzsuzGC1V3NH7J83eBpJWxwrs7W9xnBUno9pK9e/K5kCJ6
 kN7EpkxSNFTHZ4KKTFwHs5r+RTOAijQuDWErzIFTAjjTf77VVa8dbUiXQrKg==
Received: from [172.20.0.3] (unknown [172.20.0.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 82F8269176E;
	Wed, 11 Feb 2026 02:02:01 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1770768063;
 b=O7G4GdM1tkvFdrZhK3JTOyP1wiTRSIm6YeUHoKRKxWQj6pKsoqLVQ2A5oARFJg7uf2KE8
 HT3BKzPV9aDd5SA9K3bkbvLMZViMiE3o2jMSz19QQPY/FYElqAV96jtR3pyOW+LsX9if/GG
 8pafu/6ILmRrP+m4ImtkGuPtyxMcNiE8s218Y8YVV91lXyjDQe0KtE+3GyR8pdxPYHOV0B7
 LLY5Aqy1MS8qI8YmOCgqQBev9v9b/Ga9NVyEmUZvWXfw7zr/isotryFWgQrMUz1ADhUz//n
 UoB1K024LA/Ahe0zfQLwzOBaztcKucdB1SdyUTOkdPsFFgR3s+1/RVengE3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1770768063; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=F7/BdxFi7p5hIw8Y6ocQKRnqsDm7FPYyQP4kzEOYe1k=;
 b=C5HPO+r2T0+84rcr37ZYnIo7jLDLbsU/oojQXXpp2vko+X7ijILrh0/bVebtc5/3pQkZ/
 ytsrCKUDiJfSJvdvMuFgdvWgsX4V17bywgvVXEnoXcDPANb5o0bAP3pcDfgKq+pSvYnpoKy
 BpnK6ZNLTaWiIS9vdZIkPbmr1Tx/XmA2JYt5HoFg3BxPUB00QzvjcnMI9I9Gt42exZ+XJTM
 Ecy0rW3an03SSdlPl0r2F7q9VEKPLCDsKgbDy4R5B8XSbyfnEhYn4MWlF0kWC2uQJTdRLy6
 WmQe0FxOHmBUuRXUYFrIz9owoUqvs+7GLJdXCZg6857JB11UDfJ1q5sX6dDQ==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770768031; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=TkG1O7GFspsWcnOeXDzh6Vcj7uGu6vKb3u1UciVDETk=;
 b=aakyasCFsjDbTAxy/3DS5DlgBNyO2L+3QstLx/XYPc1DlqftvGoaA6UJXYAtG0dpEzfIh
 JKzyN0sf7vTEQ2L2dJFXiI3fgCQ+F5Z8RC1BsIb6mP2bjAWGEjpvXRxTCWLsw162oxLVC2H
 VoBTJYaUFu9hzVHojwJ7EF7HtXC0JF+lDY+Jf1GvmVA2SIyDl5TSvSXdmvwH9uyH3VL/VGc
 xjfZ3JV84X1PRr5dFPbzeUti+sU9RsyqpMOUnr0s7wBB3lqhukK0jm3ijQbcbkgCtpVo45U
 tHaJOD3Wk9pdtSywKVQa0nRSYbBiO4NLsXMiaPb+VuG8IpgA07WPL0bkiCIA==
Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id BB63569170A
	for <ffmpeg-devel@ffmpeg.org>; Wed, 11 Feb 2026 02:00:31 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 11 Feb 2026 00:00:30 -0000
Message-ID: <177076803310.25.8650632201376187023@009cbcb3d8cd>
Message-ID-Hash: TKN4QX4DNOCXCOUWOPDA7OM4K4MYY3PI
X-Message-ID-Hash: TKN4QX4DNOCXCOUWOPDA7OM4K4MYY3PI
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avcodec/pdvdec: Check input space before buffer allocation
 (PR #21726)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/TKN4QX4DNOCXCOUWOPDA7OM4K4MYY3PI/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/177076803310.25.8650632201376187023@009cbcb3d8cd/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: michaelni <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/177076803310.25.8650632201376187023@009cbcb3d8cd/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #21726 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21726
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21726.patch

Fixes: Timeout
Fixes: 474457186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PDV_fuzzer-5366108782919680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>


>>From e33963ce220bf65f25377c62514de46c5180ce97 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 10 Feb 2026 20:13:07 +0100
Subject: [PATCH] avcodec/pdvdec: Check input space before buffer allocation

Fixes: Timeout
Fixes: 474457186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PDV_fuzzer-5366108782919680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/pdvdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/pdvdec.c b/libavcodec/pdvdec.c
index fffc95a530..7f41b36432 100644
--- a/libavcodec/pdvdec.c
+++ b/libavcodec/pdvdec.c
@@ -77,6 +77,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
         return AVERROR_INVALIDDATA;
     }
 
+    if (avpkt->size < avctx->width * avctx->height / (8*1032)) //Asymptotic max compression of deflate
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
         return ret;
 
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org