mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-28 20:53:54 +02:00
avformat/mov: Fix extended atom size buffer length check
When extended atom size support was added to probing infec4a2d232
, the buffer size check was backwards, but probing continued to work because there was no minimum size check yet, so despite size being 1 on these atoms, and failing to read the 64-bit size, the tag was still correctly read. When0b78016b2d
introduced a minimum size check, this exposed the bug, and broke probing any files with extended atom sizes, such as entirely valid large files that start whith mdat atoms. Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> (cherry picked from commit85f397c828
)
This commit is contained in:
parent
7efe57ba11
commit
cfe614787d
@ -7121,7 +7121,7 @@ static int mov_probe(const AVProbeData *p)
|
||||
if ((offset + 8) > (unsigned int)p->buf_size)
|
||||
break;
|
||||
size = AV_RB32(p->buf + offset);
|
||||
if (size == 1 && offset + 16 > (unsigned int)p->buf_size) {
|
||||
if (size == 1 && offset + 16 <= (unsigned int)p->buf_size) {
|
||||
size = AV_RB64(p->buf+offset + 8);
|
||||
minsize = 16;
|
||||
} else if (size == 0) {
|
||||
|
Loading…
Reference in New Issue
Block a user