x/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-11 08:13:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

avformat/ty: check rec_size

Browse Source 
Fixes: ada-4-poc.ty

change is based on the suggested fix

Found-by: Claude and Ada Logics. This issue was found by Anthropic from using agents to study security of open source projects
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-05-23 00:04:46 +00:00
committed by michaelni
parent 3a042a5ab8
commit 4492ad7228
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavformat/ty.c
+5 -1
View File
@@ -396,12 +396,16 @@ static int demux_video(AVFormatContext *s, TyRecHdr *rec_hdr, AVPacket *pkt)
int got_packet = 0;
if (subrec_type != 0x02 && subrec_type != 0x0c &&
subrec_type != 0x08 && rec_size > 4) {
subrec_type != 0x08 && rec_size > 7) {
/* get the PTS from this packet if it has one.
* on S1, only 0x06 has PES. On S2, however, most all do.
* Do NOT Pass the PES Header to the MPEG2 codec */
es_offset1 = find_es_header(ty_VideoPacket, ty->chunk + ty->cur_chunk_pos, 5);
if (es_offset1 != -1) {
if (rec_size < es_offset1 + VIDEO_PTS_OFFSET + 5)
return AVERROR_INVALIDDATA;
ty->last_video_pts = ff_parse_pes_pts(
ty->chunk + ty->cur_chunk_pos + es_offset1 + VIDEO_PTS_OFFSET);
if (subrec_type != 0x06) {