avcodec/truespeech: reject iterations count whose * 240 product overflows 32-bit

Found-by: Anthropic agents; validated and reported by Ada Logics.
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
David Korczynski 2026-06-06 16:23:27 +02:00 committed by michaelni
parent b29bdd3715
commit d30dead35e

@ -323,6 +323,11 @@ static int truespeech_decode_frame(AVCodecContext *avctx, AVFrame *frame,
"Too small input buffer (%d bytes), need at least 32 bytes\n", buf_size);
return -1;
}
if (iterations > INT_MAX / 240) {
av_log(avctx, AV_LOG_ERROR,
"Too large input buffer (%d bytes); per-block sample count overflows\n", buf_size);
return AVERROR_INVALIDDATA;
}
/* get output buffer */
frame->nb_samples = iterations * 240;
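Review bot: The new guard returns AVERROR_INVALIDDATA while the "Too small input buffer" branch directly above it still returns a bare -1, so two adjacent input-size rejections in truespeech_decode_frame() report different error codes to the caller. Consider switching the older branch to AVERROR_INVALIDDATA as well, in this patch or a follow-up. Separately, the literal 240 now appears both in the bound (INT_MAX / 240) and in the multiplication it protects (iterations * 240); a named constant for the per-block sample count would keep the check and the computation from drifting apart if one of them is edited later. The placement of the check before the assignment to frame->nb_samples is right, since the product is never computed for a rejected value.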