[FFmpeg-devel] [PATCH 4/4] avformat/mov: add more checks for infe atom size
James Almer
jamrial at gmail.com
Mon Jul 1 05:40:22 EEST 2024
Signed-off-by: James Almer <jamrial at gmail.com>
---
libavformat/mov.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 9f6752b492..ba33e52086 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -8510,6 +8510,8 @@ static int mov_read_infe(MOVContext *c, AVIOContext *pb, MOVAtom atom, int idx)
version = avio_r8(pb);
avio_rb24(pb); // flags.
size -= 4;
+ if (size < 0)
+ return AVERROR_INVALIDDATA;
if (version < 2) {
avpriv_report_missing_feature(c->fc, "infe version < 2");
@@ -8521,6 +8523,8 @@ static int mov_read_infe(MOVContext *c, AVIOContext *pb, MOVAtom atom, int idx)
avio_rb16(pb); // item_protection_index
item_type = avio_rl32(pb);
size -= 8;
+ if (size < 1)
+ return AVERROR_INVALIDDATA;
av_bprint_init(&item_name, 0, AV_BPRINT_SIZE_UNLIMITED);
ret = ff_read_string_to_bprint_overwrite(pb, &item_name, size);
--
2.45.2
More information about the ffmpeg-devel
mailing list