virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-14 22:22:59 +02:00
Code Issues Releases Activity

avformat/mov: Error on too large stsd entry counts.

Browse Source 
Entries are always at least 8 bytes per the parsing code, so if we
see an impossible entry count avoid massive allocations. This is
similar to an existing check in mov_read_stsc().

Since ff_mov_read_stsd_entries() does eof checks, an alternative
approach could be to clamp the entry count to atom.size / 8.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 320b631a99a9f759fd1d5460fd4e285d184b8186)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Dale Curtis 2018-08-30 15:18:25 -07:00 committed by Michael Niedermayer
parent 84ab680624
commit 968ffb93af
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavformat/mov.c
View File

@ -2554,7 +2554,8 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
avio_rb24(pb); /* flags */
entries = avio_rb32(pb);
if (entries <= 0) {
/* Each entry contains a size (4 bytes) and format (4 bytes). */
if (entries <= 0 || entries > atom.size / 8) {
av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries);
return AVERROR_INVALIDDATA;
}