1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00

avformat/mov: Fix extended atom size buffer length check

When extended atom size support was added to probing in
fec4a2d232, the buffer
size check was backwards, but probing continued to work
because there was no minimum size check yet, so despite
size being 1 on these atoms, and failing to read the 64-bit
size, the tag was still correctly read.

When 0b78016b2d introduced a
minimum size check, this exposed the bug, and broke probing
any files with extended atom sizes, such as entirely valid
large files that start whith mdat atoms.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit 85f397c828)
This commit is contained in:
Derek Buitenhuis 2021-03-18 15:26:54 +00:00 committed by James Almer
parent 7efe57ba11
commit cfe614787d

View File

@ -7121,7 +7121,7 @@ static int mov_probe(const AVProbeData *p)
if ((offset + 8) > (unsigned int)p->buf_size)
break;
size = AV_RB32(p->buf + offset);
if (size == 1 && offset + 16 > (unsigned int)p->buf_size) {
if (size == 1 && offset + 16 <= (unsigned int)p->buf_size) {
size = AV_RB64(p->buf+offset + 8);
minsize = 16;
} else if (size == 0) {