Hi 0xBat

On Mon, Jan 05, 2026 at 01:35:00AM +0100, 0xBat via ffmpeg-devel wrote:
> Validate the calculated index against both the current position and the total texture size to prevent out-of-bounds memory access.
>
> Signed-off-by: 0xBat
> --- > libavcodec/dxv.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c > index 07eee253e7..8d11dfe1a1 100644 > --- a/libavcodec/dxv.c > +++ b/libavcodec/dxv.c 
> @@ -72,8 +72,8 @@ typedef struct DXVContext { > idx = x; \ > break; \ > case 2: \ > - idx = (bytestream2_get_byte(gbc) + 2) * x; \ > - if (idx > pos) { \ > + idx = (bytestream2_get_byte(gbc) + 2) * x; > + if (idx > pos || idx > ctx->tex_size) { \ > av_log(avctx, AV_LOG_ERROR, "idx %d > %d\n", idx, pos); \

this is a syntax error, that macro doesn't build

src/libavcodec/dxv.c:76:13: error: expected identifier or ‘(’ before ‘if’
   76 | if (idx > pos || idx > ctx->tex_size) { \
      | ^~
src/libavcodec/dxv.c:80:13: error: expected identifier or ‘(’ before ‘break’
   80 | break; \
      | ^~~~~
src/libavcodec/dxv.c:81:9: error: expected identifier or ‘(’ before ‘case’
   81 | case 3: \
      | ^~~~
src/libavcodec/dxv.c:83:13: error: expected identifier or ‘(’ before ‘if’
   83 | if (idx > pos) { \
      | ^~
src/libavcodec/dxv.c:87:13: error: expected identifier or ‘(’ before ‘break’
   87 | break; \
      | ^~~~~
src/libavcodec/dxv.c:88:9: error: expected identifier or ‘(’ before ‘}’ token
   88 | } \
      | ^
src/libavcodec/dxv.c:89:5: error: expected identifier or ‘(’ before ‘}’ token
   89 | } while(0)
      | ^
src/libavcodec/dxv.c:89:7: error: expected identifier or ‘(’ before ‘while’
   89 | } while(0)
      | ^~~~~
make: *** [src/ffbuild/common.mak:90: libavcodec/dxv.o] Error 1

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Answering whenever a program halts or runs forever is
On a Turing machine, in general impossible (Turing's halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
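
Review bot: the added line `+ idx = (bytestream2_get_byte(gbc) + 2) * x;` in the `case 2:` branch drops the trailing `\` that the removed line carried, so the macro definition ends there and everything after it is parsed as file-scope code, which is what the errors from line 76 onward report; restore the continuation. Beyond the build break, the `av_log` call still prints only `idx` and `pos`, so a rejection caused by `idx > ctx->tex_size` would log a comparison that was not the one that failed; the message should report the limit that was hit. The compiler output shows `case 3:` still checks only `if (idx > pos)`, so if the texture-size bound is needed for `case 2` the same check belongs there too. The hunk does not show that `ctx` is in scope wherever the macro expands, nor how `pos` relates to `tex_size`; the commit message should state when an `idx` that passes the `pos` check can still be past the texture, so the new condition is not read as redundant.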