From 072198166e9a333662042deef066fe41b3ad8070 Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <cehoyos@ag.or.at>
Date: Sat, 4 Apr 2015 17:35:06 +0200
Subject: [PATCH] lavf/mov: Do not overread iTunes metadata.

Fixes ticket #4425.
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dc31e5a6f7..c63e817276 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -342,7 +342,7 @@ retry:
     if (c->itunes_metadata && atom.size > 8) {
         int data_size = avio_rb32(pb);
         int tag = avio_rl32(pb);
-        if (tag == MKTAG('d','a','t','a')) {
+        if (tag == MKTAG('d','a','t','a') && data_size <= atom.size) {
             data_type = avio_rb32(pb); // type
             avio_rb32(pb); // unknown
             str_size = data_size - 16;