From ca6b0f142c1b96343f41ce85db03dee716b7858a Mon Sep 17 00:00:00 2001
From: manh-td <dmtran120901@gmail.com>
Date: Fri, 19 Dec 2025 10:00:54 +0800
Subject: [PATCH] Check size_bmp more fully

---
 contrib/sdk/sources/ffmpeg/ffmpeg-2.8/libavformat/asfdec_o.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/contrib/sdk/sources/ffmpeg/ffmpeg-2.8/libavformat/asfdec_o.c b/contrib/sdk/sources/ffmpeg/ffmpeg-2.8/libavformat/asfdec_o.c
index 6b4216cab..4410e49fd 100644
--- a/contrib/sdk/sources/ffmpeg/ffmpeg-2.8/libavformat/asfdec_o.c
+++ b/contrib/sdk/sources/ffmpeg/ffmpeg-2.8/libavformat/asfdec_o.c
@@ -695,7 +695,8 @@ static int parse_video_info(AVIOContext *pb, AVStream *st)
     st->codec->codec_tag = tag;
     st->codec->codec_id  = ff_codec_get_id(ff_codec_bmp_tags, tag);
 
-    if (size > BMP_HEADER_SIZE) {
+    if (size > BMP_HEADER_SIZE &&
+        size < INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
         int ret;
         st->codec->extradata_size  = size - BMP_HEADER_SIZE;
         if (!(st->codec->extradata = av_malloc(st->codec->extradata_size +