Change #264027
| Category | ffmpeg |
| Changed by | bird <6666242+bird@users.noreply.github.com> |
| Changed at | Wed 08 Apr 2026 22:52:52 |
| Repository | https://git.ffmpeg.org/ffmpeg.git |
| Project | ffmpeg |
| Branch | master |
| Revision | 5c3602abaa50dfe60a3356de5abff73f15df0f99 |
Comments
avformat/sctp: add size check in sctp_read() matching sctp_write() Commit 5b98cea4 added a size < 2 guard to sctp_write() to prevent out-of-bounds access when max_streams is enabled, but the identical pattern in sctp_read() was not addressed. When max_streams is non-zero, sctp_read() passes (buf + 2, size - 2) to ff_sctp_recvmsg(). If size < 2, size - 2 wraps to a large value on the implicit cast to size_t in the callee. Add the same guard. Signed-off-by: bird <6666242+bird@users.noreply.github.com>
Changed files
- libavformat/sctp.c