[FFmpeg-devel] [PATCH 4/4] mov: Validate spherical metadata version
Vittorio Giovara
vittorio.giovara at gmail.com
Wed Feb 15 18:29:03 EET 2017
---
As suggested by James.
Please CC.
Vittorio
libavformat/mov.c | 26 ++++++++++++++++++++++----
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index a1774b3..2efd51e 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4623,7 +4623,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
AVStream *st;
MOVStreamContext *sc;
- int size;
+ int size, version;
int32_t yaw, pitch, roll;
size_t l, t, r, b;
size_t padding = 0;
@@ -4650,7 +4650,13 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
av_log(c->fc, AV_LOG_ERROR, "Missing spherical video header\n");
return 0;
}
- avio_skip(pb, 4); /* version + flags */
+ version = avio_r8(pb);
+ if (version != 0) {
+ av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
+ version);
+ return 0;
+ }
+ avio_skip(pb, 3); /* flags */
avio_skip(pb, size - 12); /* metadata_source */
size = avio_rb32(pb);
@@ -4672,7 +4678,13 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
av_log(c->fc, AV_LOG_ERROR, "Missing projection header box\n");
return 0;
}
- avio_skip(pb, 4); /* version + flags */
+ version = avio_r8(pb);
+ if (version != 0) {
+ av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
+ version);
+ return 0;
+ }
+ avio_skip(pb, 3); /* flags */
/* 16.16 fixed point */
yaw = avio_rb32(pb);
@@ -4684,7 +4696,13 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return AVERROR_INVALIDDATA;
tag = avio_rl32(pb);
- avio_skip(pb, 4); /* version + flags */
+ version = avio_r8(pb);
+ if (version != 0) {
+ av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
+ version);
+ return 0;
+ }
+ avio_skip(pb, 3); /* flags */
switch (tag) {
case MKTAG('c','b','m','p'):
projection = AV_SPHERICAL_CUBEMAP;
--
2.10.0
More information about the ffmpeg-devel
mailing list