Hi Kieran

On Mon, Jan 05, 2026 at 10:38:29PM +0000, Kieran Kunhya via ffmpeg-devel wrote:
> On Mon, Jan 5, 2026 at 5:12 PM michaelni via ffmpeg-devel
> <ffmpeg-devel@ffmpeg.org> wrote:
> >
> > PR #21384 opened by michaelni
> > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21384
> > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21384.patch
> >
> > More complete fix for #YWH-PGM40646-32
> >
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> >
> >
> > >From 1c214abfd52ac09cb5cb71de70e6475bb7f80747 Mon Sep 17 00:00:00 2001
> > From: Michael Niedermayer <michael@niedermayer.cc>
> > Date: Mon, 5 Jan 2026 18:07:49 +0100
> > Subject: [PATCH] avformat/img2dec: Check avio_size() for failure
> >
> > More complete fix for #YWH-PGM40646-32
> >
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/img2dec.c | 19 +++++++++----------
> >  1 file changed, 9 insertions(+), 10 deletions(-)
> >
> > diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
> > index 586634c0c3..523015e4c6 100644
> > --- a/libavformat/img2dec.c
> > +++ b/libavformat/img2dec.c
> > @@ -367,7 +367,6 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt)
> >      int i, res;
> >      int ret[3] = { 0 };
> >      int64_t size[3] = { 0 };
> > -    int64_t total_size;
> >      AVIOContext *f[3] = { NULL };
> >      AVCodecParameters *par = s1->streams[0]->codecpar;
> >
> > @@ -458,15 +457,15 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt)
> >          }
> >      }
> >
> > -    total_size = size[0];
> > -    if (total_size > INT64_MAX - size[1])
> > -        return AVERROR_INVALIDDATA;
> > -    total_size += size[1];
> > -    if (total_size > INT64_MAX - size[2])
> > -        return AVERROR_INVALIDDATA;
> > -    total_size += size[2];
> > -    if (total_size > INT_MAX)
> > -        return AVERROR_INVALIDDATA;
> > +    int64_t total_size = 0;
> > +    for(int i = 0; i < 3; i++) {
> > +        if (size[i] < 0)
> > +            return size[i];
> > +        if (total_size > INT64_MAX - size[i])
> > +            return AVERROR_INVALIDDATA;
> > +
> > +        total_size += size[i];
> > +    }
> 
> Check for (total_size > INT_MAX) is gone now, is that intentional?

no

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact