[FFmpeg-cvslog] mov: stsd entries must be at least 16 byte
Michael Niedermayer
git at videolan.org
Mon Sep 17 15:21:35 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 15 20:51:00 2011 +0100| [a5ea623b364b8a605fc92c973a98cd66cb7e6a5d] | committer: Luca Barbato
mov: stsd entries must be at least 16 byte
Fix near infinite loop in stsd parsing.
Bug found by: Diana Elena Muscalu
The size is unsigned according to the specification.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a5ea623b364b8a605fc92c973a98cd66cb7e6a5d
---
libavformat/mov.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 09228cb..87c890e 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1098,13 +1098,16 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
int dref_id = 1;
MOVAtom a = { AV_RL32("stsd") };
int64_t start_pos = avio_tell(pb);
- int size = avio_rb32(pb); /* size */
+ uint32_t size = avio_rb32(pb); /* size */
uint32_t format = avio_rl32(pb); /* data format */
if (size >= 16) {
avio_rb32(pb); /* reserved */
avio_rb16(pb); /* reserved */
dref_id = avio_rb16(pb);
+ } else {
+ av_log(c->fc, AV_LOG_ERROR, "invalid size %d in stsd\n", size);
+ return AVERROR_INVALIDDATA;
}
if (st->codec->codec_tag &&
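Review bot: the av_log() call in the new else branch prints size with "%d" although this same hunk changes size from int to uint32_t; use "%u" (or "%"PRIu32) so the specifier matches the type. The value is always below 16 on this path, so the output does not change today, but the mismatch will mislead if the message is ever reused for a larger value. It would also help to say in the message or in a comment where the minimum of 16 comes from: the visible reads are 4 bytes of size, 4 of format, 6 reserved and 2 for dref_id.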