[vlc-commits] [Git][videolan/vlc][master] demux/mp4: fix integer overflow in HEIF grid image allocation
Felix Paul Kühne (@fkuehne)
gitlab at videolan.org
Fri Apr 17 11:31:45 UTC 2026
Felix Paul Kühne pushed to branch master at VideoLAN / VLC
Commits:
e5cd0671 by Duc Anh Nguyen at 2026-04-17T13:31:39+02:00
demux/mp4: fix integer overflow in HEIF grid image allocation
- - - - -
1 changed file:
- modules/demux/mp4/heif.c
Changes:
=====================================
modules/demux/mp4/heif.c
=====================================
@@ -31,6 +31,7 @@
#include <vlc_image.h>
#include <assert.h>
#include <limits.h>
+#include <stdckdint.h>
#include "libmp4.h"
#include "heif.h"
@@ -674,8 +675,16 @@ static int DerivedImageAssembleGrid( demux_t *p_demux, uint32_t i_grid_item_id,
if( !handler )
return VLC_EGENERIC;
- block_t *p_block = block_Alloc( derivation_data.ImageGrid.output_width *
- derivation_data.ImageGrid.output_height * 4 );
+ size_t alloc_size;
+ if( ckd_mul( &alloc_size, derivation_data.ImageGrid.output_width,
+ derivation_data.ImageGrid.output_height ) ||
+ ckd_mul( &alloc_size, alloc_size, 4 ) )
+ {
+ image_HandlerDelete( handler );
+ return VLC_EGENERIC;
+ }
+
+ block_t *p_block = block_Alloc( alloc_size );
if( !p_block )
{
image_HandlerDelete( handler );
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/e5cd067161ed55a51074a38b684cce15f69b4375
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/e5cd067161ed55a51074a38b684cce15f69b4375
You're receiving this email because of your account on code.videolan.org.
More information about the vlc-commits
mailing list