mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2026-06-05 23:10:29 +00:00
20a720b0f3
Negative -map processing iterates previously parsed stream map entries
and dereferences input_files[m->file_index]->ctx->streams[m->stream_index]
without validating that stream_index is in range.
A malformed earlier map can leave m->stream_index negative, which causes
an out-of-bounds read when a later negative map walks existing entries.
Check that stream_index is non-negative and below nb_streams before
calling stream_specifier_match().
*Vulnerability reported by Zhenpeng (Leo) Lin at depthfirst*
*Patch validated by Zheng Yu at depthfirst*
Fixes: DFVULN-695
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| cmdutils.c | ||
| cmdutils.h | ||
| ffmpeg.c | ||
| ffmpeg.h | ||
| ffmpeg_filter.c | ||
| ffmpeg_hw.c | ||
| ffmpeg_mux.c | ||
| ffmpeg_opt.c | ||
| ffplay.c | ||
| ffprobe.c | ||
| fopen_utf8.h | ||
| Makefile | ||
| opt_common.c | ||
| opt_common.h | ||