falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

mov: stsd entries must be at least 16 byte 

Fix near infinite loop in stsd parsing.
Bug found by: Diana Elena Muscalu

The size is unsigned according the specification.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
tags/n1.0
Michael Niedermayer Luca Barbato 14 years ago
parent
9db67bedf0
commit
a5ea623b36
1 changed files with 4 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -1
      libavformat/mov.c

+ 4
- 1
libavformat/mov.c View File

@@ -1098,13 +1098,16 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
int dref_id = 1;
MOVAtom a = { AV_RL32("stsd") };
int64_t start_pos = avio_tell(pb);
int size = avio_rb32(pb); /* size */
uint32_t size = avio_rb32(pb); /* size */
uint32_t format = avio_rl32(pb); /* data format */

if (size >= 16) {
avio_rb32(pb); /* reserved */
avio_rb16(pb); /* reserved */
dref_id = avio_rb16(pb);
} else {
av_log(c->fc, AV_LOG_ERROR, "invalid size %d in stsd\n", size);
return AVERROR_INVALIDDATA;
}

if (st->codec->codec_tag &&


Write Preview
Loading…
Cancel
Save