[FFmpeg-devel] [PATCH] [mov] Avoid OOM for invalid STCO / CO64 constructions.

Dale Curtis dalecurtis at chromium.org
Thu Feb 15 22:07:05 EET 2024


On Mon, Feb 5, 2024 at 12:07 PM Michael Niedermayer <michael at niedermayer.cc>
wrote:

> assuming atom.size is an arbitrary 64bit value
> then the value of FFMIN() is also 64bit but entries is unsigned 32bit,
> this truncation
> would allow setting entries to values outside what's expected from FFMIN()
> also we seem to disallow entries == 0 before this
> and it's maybe possible to set entries = 0 here, bypassing the == 0 check
> before


Thanks. I've moved the clamp up to before the zero check. The only way a
bad 64-bit value could get in is if atom.size < 8, which I didn't think was
possible, but I've added a FFMAX(0,) there too.

- dale
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stco-clamp-entries-v3.patch
Type: application/x-patch
Size: 1644 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240215/05be65f9/attachment.bin>
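
The truncation and the zero-check bypass raised in the quoted review, as an added example that is not taken from the attached patch or from FFmpeg's source. The function names, the 8-byte subtraction, the 4-byte entry size and the sample sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Local min/max macros in the style of the FFMIN/FFMAX named in the mail. */
#define FFMIN(a, b) ((a) > (b) ? (b) : (a))
#define FFMAX(a, b) ((a) > (b) ? (a) : (b))

/* Hypothetical "before" ordering: zero check first, clamp second.
 * Returns 0 and stores the accepted count in *out, or -1 to reject. */
static int check_then_clamp(uint32_t entries, int64_t atom_size,
                            int entry_bytes, uint32_t *out)
{
    if (!entries)
        return -1;
    /* FFMIN() yields int64_t; narrowing to uint32_t keeps only the low 32 bits. */
    entries = (uint32_t)FFMIN(entries, (atom_size - 8) / entry_bytes);
    *out = entries;
    return 0;
}

/* Ordering described in the reply: clamp first, then reject zero. */
static int clamp_then_check(uint32_t entries, int64_t atom_size,
                            int entry_bytes, uint32_t *out)
{
    /* Same effect as FFMAX(0, (atom_size - 8) / entry_bytes), written so the
     * subtraction cannot overflow for very negative sizes. */
    int64_t limit = (FFMAX(atom_size, 8) - 8) / entry_bytes;
    entries = (uint32_t)FFMIN(entries, limit); /* 0 <= limit, result fits */
    if (!entries)
        return -1;
    *out = entries;
    return 0;
}

int main(void)
{
    /* Constructed atom sizes: room for 10 entries, none, and two sizes below 8. */
    const int64_t sizes[] = { 48, 8, 4, 0 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        uint32_t a = 0, b = 0;
        int ra = check_then_clamp(1000, sizes[i], 4, &a);
        int rb = clamp_then_check(1000, sizes[i], 4, &b);
        printf("size=%lld before: ret=%d entries=%u | after: ret=%d entries=%u\n",
               (long long)sizes[i], ra, (unsigned)a, rb, (unsigned)b);
    }
    return 0;
}
```

With a size of 8 the first ordering accepts an entry count of 0, and with sizes below 8 the negative 64-bit limit narrows to a count near 2^32; the second ordering rejects all three.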

