From mboxrd@z Thu Jan 1 00:00:00 1970
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 14 Feb 2026 01:48:01 -0000
Message-ID: <177103368246.25.9118177591893588779@009cbcb3d8cd>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PR] avformat/icodec: Check size (PR #21754)
List-Id: FFmpeg development discussions and patches
From: michaelni via ffmpeg-devel
Cc: michaelni

PR #21754 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21754
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21754.patch

Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int'
Fixes: 471688026/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5616495813263360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer


>>From 77a367ccf68599e8c83778a93417edbdfb76c481 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sat, 14 Feb 2026 01:39:22 +0100
Subject: [PATCH] avformat/icodec: Check size

Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int'
Fixes: 471688026/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5616495813263360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/icodec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/icodec.c b/libavformat/icodec.c index b09d0060a6..4eddc8fa3c 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -113,7 +113,7 @@ static int read_header(AVFormatContext *s) avio_skip(pb, 5); ico->images[i].size = avio_rl32(pb); - if (ico->images[i].size <= 0) { + if (ico->images[i].size <= 0 || ico->images[i].size > INT_MAX - 14) { av_log(s, AV_LOG_ERROR, "Invalid image size %d\n", ico->images[i].size); return AVERROR_INVALIDDATA; } -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
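
Review bot: the literal 14 in the new bound `ico->images[i].size > INT_MAX - 14` in read_header() is a magic number with no name or comment. Its only explanation is the "14 + 2147483647" in the commit message, and the addition it guards is outside this hunk. Suggest a named constant, or at least a short comment, shared with the site that adds 14 to the size, so the bound and the addition cannot drift apart if either changes. The existing av_log text "Invalid image size %d" still reads correctly for the newly rejected large values, so that line can stay as it is.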