Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-14 19:40:29 +00:00
Code Issues Projects Releases Packages Wiki Activity

fftools/ffmpeg_opt: validate stream index in negative map handling

Browse source 
Negative -map processing iterates previously parsed stream map entries
and dereferences input_files[m->file_index]->ctx->streams[m->stream_index]
without validating that stream_index is in range.

A malformed earlier map can leave m->stream_index negative, which causes
an out-of-bounds read when a later negative map walks existing entries.
Check that stream_index is non-negative and below nb_streams before
calling stream_specifier_match().

*Vulnerability reported by Zhenpeng (Leo) Lin at depthfirst*
*Patch validated by Zheng Yu at depthfirst*

Fixes: DFVULN-695
(cherry picked from commit 25a98586cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
depthfirst-dev[bot] 2026-04-23 02:47:11 +00:00 committed by Michael Niedermayer
parent cdd6df0104
commit dc3742fd7f
No known key found for this signature in database
GPG key ID: B18E8928B3948D64
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
fftools/ffmpeg_opt.c
View file

@ -645,6 +645,8 @@ static int opt_map(void *optctx, const char *opt, const char *arg)
for (i = 0; i < o->nb_stream_maps; i++) {
m = &o->stream_maps[i];
if (file_idx == m->file_index &&
m->stream_index >= 0 &&
m->stream_index < input_files[m->file_index]->nb_streams &&
stream_specifier_match(&ss,
input_files[m->file_index]->ctx,
input_files[m->file_index]->ctx->streams[m->stream_index],