diff mbox series

[FFmpeg-devel,2/2] avcodec/pnmdec: Use 64bit for input size check

Message ID 20240718221606.3710874-2-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/2] avformat/mov: Check extradata in mov_read_iacb() | expand

Commit Message

Michael Niedermayer July 18, 2024, 10:16 p.m. UTC 
Fixes: out of array read
Fixes: poc3

Reported-by: VulDB CNA Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/pnmdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer July 21, 2024, 12:47 p.m. UTC | #1 
On Fri, Jul 19, 2024 at 12:16:06AM +0200, Michael Niedermayer wrote:
> Fixes: out of array read
> Fixes: poc3
> 
> Reported-by: VulDB CNA Team
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/pnmdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
diff mbox series

Patch

diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
index a6945549bd5..59013ada495 100644
--- a/libavcodec/pnmdec.c
+++ b/libavcodec/pnmdec.c
@@ -262,7 +262,7 @@  static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p,
         break;
     case AV_PIX_FMT_GBRPF32:
         if (!s->half) {
-            if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
+            if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
                 return AVERROR_INVALIDDATA;
             scale = 1.f / s->scale;
             if (s->endian) {