[FFmpeg-devel] [PATCH] libavutil/vulkan: fix flexible array struct allocation
Marvin Scholz
epirat07 at gmail.com
Wed Oct 9 03:12:39 EEST 2024
The flexible array member struct can have padding added by
the compiler which was not taken into account properly, which
could lead to a heap buffer overflow.
---
libavutil/vulkan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavutil/vulkan.c b/libavutil/vulkan.c
index cd617496dcb..b9aee7cf902 100644
--- a/libavutil/vulkan.c
+++ b/libavutil/vulkan.c
@@ -644,11 +644,11 @@ int ff_vk_exec_add_dep_bool_sem(FFVulkanContext *s, FFVkExecContext *e,
}
return 0;
}
- buf_size = sizeof(int) + sizeof(VkSemaphore)*nb;
+ buf_size = sizeof(*ts) + sizeof(VkSemaphore)*nb;
ts = av_mallocz(buf_size);
if (!ts) {
err = AVERROR(ENOMEM);
goto fail;
}
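Review bot: the size expression on the `+` line, `sizeof(*ts) + sizeof(VkSemaphore)*nb`, is still unchecked arithmetic, and neither the type nor the bounds of `nb` are visible in this hunk. If `nb` is not bounded by the callers, the product can wrap and `av_mallocz(buf_size)` would return a buffer smaller than `nb` elements require, which is the same class of heap overflow the commit message describes. Consider confirming the bound at the call sites or computing the size with an overflow-checked helper such as `av_size_mult()` before allocating. Using `sizeof(*ts)` instead of a hand-written header size is the right direction because it follows the struct layout. A one-line comment stating that the size is the header including padding plus `nb` flexible-array elements would help keep the `sizeof(int)` form from coming back.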
base-commit: f456522e32ec2577745d4669dc333be298d85907
--
2.46.2