From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 13 Feb 2026 01:00:00 -0000
Message-ID: <177094440141.25.1078919601175018061@009cbcb3d8cd>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PR] avformat/flvdec: Check *size in cts parsing (PR #21744)
List-Id: FFmpeg development discussions and patches
From: michaelni via ffmpeg-devel
Cc: michaelni
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

PR #21744 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21744
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21744.patch

Fixes: Assertion buf_size >= 0 failed
Fixes: 471553942/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5982849812725760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer

>>From 1a9d949b2690f4419c55055f528e378c68526d4f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 12 Feb 2026 23:10:32 +0100 Subject: [PATCH] avformat/flvdec: Check *size in cts parsing Fixes: Assertion buf_size >= 0 failed Fixes: 471553942/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5982849812725760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/flvdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index d10fbf216e..18bdbd18bd 100644 
--- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -1775,6 +1775,10 @@ retry_duration: if (st->codecpar->codec_id == AV_CODEC_ID_MPEG4 || ((st->codecpar->codec_id == AV_CODEC_ID_H264 || st->codecpar->codec_id == AV_CODEC_ID_HEVC) && (!enhanced_flv || type == PacketTypeCodedFrames))) { + if (size < 3 || track_size < 3) { + ret = AVERROR_INVALIDDATA; + goto leave; + } // sign extension int32_t cts = (avio_rb24(s->pb) + 0xff800000) ^ 0xff800000; pts = av_sat_add64(dts, cts); -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
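
Review bot: The new guard at the top of the cts branch tests both `size < 3` and `track_size < 3`, but the subject line only mentions `*size` and the commit message does not say which of the two was short in the fuzzer case; a sentence tying the `buf_size >= 0` assertion to the 3 bytes consumed by `avio_rb24(s->pb)` would make the fix reviewable without the testcase. The literal 3 is also unexplained in the code; a short comment next to the check noting that the composition time offset is a 24-bit field would keep it in step with the read that follows. The guard leaves through `goto leave` with `AVERROR_INVALIDDATA`, so it is worth confirming that failing the whole packet is intended when only `track_size` is below 3 and `size` is not.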