On Thu, Jun 26, 2025 at 12:12:46AM +0200, Michael Niedermayer wrote:
> Hi
> 
> On Mon, Jun 23, 2025 at 11:19:29PM -0700, Pavel Roslyy wrote:
> > ---
> >  libavformat/usmdec.c | 53 +++++++++++++++++++++++++++++++++++++++++---
> >  1 file changed, 50 insertions(+), 3 deletions(-)
> 
> will apply

bug found, not applying yet

ret = ff_alloc_extradata(par, pkt_size + key_buf);

pkt_size + key_buf can overflow i think

also LIBAVFORMAT_VERSION_MICRO could be increased

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.