Mirror of https://git.ffmpeg.org/ffmpeg.git, synced 2026-06-04 14:40:26 +00:00
Negative -map processing iterates previously parsed stream map entries
and dereferences input_files[m->file_index]->ctx->streams[m->stream_index]
without validating that stream_index is in range.
A malformed earlier map can leave m->stream_index negative, which causes
an out-of-bounds read when a later negative map walks existing entries.
Check that stream_index is non-negative and below nb_streams before
calling stream_specifier_match().
*Vulnerability reported by Zhenpeng (Leo) Lin at depthfirst*
*Patch validated by Zheng Yu at depthfirst*
Fixes: DFVULN-695
(cherry picked from commit
| Name |
|---|
| cmdutils.c |
| cmdutils.h |
| ffmpeg.c |
| ffmpeg.h |
| ffmpeg_filter.c |
| ffmpeg_hw.c |
| ffmpeg_opt.c |
| ffmpeg_qsv.c |
| ffmpeg_videotoolbox.c |
| ffplay.c |
| ffprobe.c |
| Makefile |