Hi 0xBat

On Mon, Jan 05, 2026 at 01:35:02AM +0100, 0xBat via ffmpeg-devel wrote:
> Prevent integer overflow in init_get_bits by validating that packet size multiplied by 8 does not exceed INT_MAX.
> 
> Signed-off-by: 0xBat <monsterbat02@gmail.com>
> ---
>  libavcodec/qdm2.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
> index b2136c6824..2eb1f3be99 100644
> --- a/libavcodec/qdm2.c
> +++ b/libavcodec/qdm2.c
> @@ -978,6 +978,8 @@ static int process_subpacket_9(QDM2Context *q, QDM2SubPNode *node)
>      GetBitContext gb;
>      int i, j, k, n, ch, run, level, diff;
>  
> +    if (node->packet->size > INT_MAX / 8)
> +        return AVERROR_INVALIDDATA;
>      init_get_bits(&gb, node->packet->data, node->packet->size * 8);

init_get_bits8()

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are best at talking, realize last or never when they are wrong.