[FFmpeg-cvslog] lavf/mov.c: Avoid OOB in mov_read_udta_string()
    Matt Wolenetz 
    git at videolan.org
       
    Sat Feb 11 13:49:27 EET 2017
    
    
  
ffmpeg | branch: release/3.0 | Matt Wolenetz <wolenetz at google.com> | Wed Feb  8 15:40:46 2017 -0800| [b5c13002d18e8cd0ab19b37bb1fff3ea75ec3e5e] | committer: Michael Niedermayer
lavf/mov.c: Avoid OOB in mov_read_udta_string()
Core of patch is from paul at paulmehta.com
Reference https://crbug.com/643952 (udta_string portion)
Signed-off-by: Matt Wolenetz <wolenetz at chromium.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 9bbdf5d921ef57e1698f64981e4ea04db7c56fb5)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5c13002d18e8cd0ab19b37bb1fff3ea75ec3e5e
---
 libavformat/mov.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index b03a4b9..6fc792f 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -380,11 +380,11 @@ retry:
                 return ret;
             } else if (!key && c->found_hdlr_mdta && c->meta_keys) {
                 uint32_t index = AV_RB32(&atom.type);
-                if (index < c->meta_keys_count) {
+                if (index < c->meta_keys_count && index > 0) {
                     key = c->meta_keys[index];
                 } else {
                     av_log(c->fc, AV_LOG_WARNING,
-                           "The index of 'data' is out of range: %d >= %d.\n",
+                           "The index of 'data' is out of range: %d < 1 or >= %d.\n",
                            index, c->meta_keys_count);
                 }
             }
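Review bot: The rewritten warning still formats `index` with `%d` although it is declared `uint32_t` a few lines above, so a file-supplied value above INT_MAX is logged as a negative number and the rejected input becomes harder to triage. Consider `"The index of 'data' is out of range: %"PRIu32" < 1 or >= %u.\n"`, matching the second specifier to the actual type of `meta_keys_count`, whose declaration is not in this hunk. The new `index > 0` test also deserves a one-line comment such as `/* key indices read from the file are 1-based; slot 0 is never a valid key */`, if that is the reason, since the hunk does not say why 0 is rejected. The enclosing function starts and ends outside the hunk, so how `key` is used after this branch cannot be checked from here.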
    
    