depthfirst-dev[bot] 7e0fac3cbc fftools/ffmpeg_opt: validate stream index in negative map handling ...

Negative -map processing iterates previously parsed stream map entries
and dereferences input_files[m->file_index]->ctx->streams[m->stream_index]
without validating that stream_index is in range.

A malformed earlier map can leave m->stream_index negative, which causes
an out-of-bounds read when a later negative map walks existing entries.
Check that stream_index is non-negative and below nb_streams before
calling stream_specifier_match().

*Vulnerability reported by Zhenpeng (Leo) Lin at depthfirst*
*Patch validated by Zheng Yu at depthfirst*

Fixes: DFVULN-695
(cherry picked from commit 25a98586cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2026-05-05 18:55:15 +02:00

..

cmdutils.c

fftools/cmdutils: Add protective () to FLAGS

2024-06-15 23:32:58 +02:00

cmdutils.h

fftools: Switch to const AVCodec * where possible

2021-03-02 08:20:10 +01:00

ffmpeg_filter.c

fftools/ffmpeg_filter: Don't use deprecated function

2021-02-26 18:28:26 +01:00

ffmpeg_hw.c

ffmpeg: Don't require a known device to pass a frames context to an encoder

2020-05-03 16:04:27 +01:00

ffmpeg_opt.c

fftools/ffmpeg_opt: validate stream index in negative map handling

2026-05-05 18:55:15 +02:00

ffmpeg_qsv.c

ffmpeg: Remove the hw_device_ctx global

2020-04-26 18:38:25 +01:00

ffmpeg_videotoolbox.c

Stop hardcoding align=32 in av_frame_get_buffer() calls.

2020-05-22 14:38:57 +02:00

ffmpeg.c

fftools/ffmpeg: Check read() for failure

2024-07-21 18:55:35 +02:00

ffmpeg.h

fftools/ffmpeg_opt: limit recursion of presets

2026-05-05 18:55:01 +02:00

ffplay.c

fftools/ffplay: do not write out of rdft visualization texture

2021-03-10 20:01:03 +01:00

ffprobe.c

fftools/ffprobe: use av_packet_alloc() to allocate packets

2021-03-17 15:19:38 -03:00

Makefile

…