This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 082f6ddb5c19a62845ffd74a79f1d30e73d5926e
Author: Michael Niedermayer <[email protected]>
AuthorDate: Wed Apr 29 01:49:59 2026 +0200
Commit: Michael Niedermayer <[email protected]>
CommitDate: Tue May 5 18:55:12 2026 +0200

avformat/mov: check extradata in mov_read_dops()

We do want to limit an attacker's ability to change once parsed structures. So once extradata (or another array) is finished and possibly has been used we do not want to allow an attacker to change it. This reduces the attack surface

Signed-off-by: Michael Niedermayer <[email protected]>
(cherry picked from commit 7c67748537d984d607b923aab6959bc85835c769)
Signed-off-by: Michael Niedermayer <[email protected]>

--- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index e224d44e1a..cae162490d 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -6845,7 +6845,7 @@ static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; st = c->fc->streams[c->fc->nb_streams-1]; - if ((uint64_t)atom.size > (1<<30) || atom.size < 11) + if ((uint64_t)atom.size > (1<<30) || atom.size < 11 || st->codecpar->extradata) return AVERROR_INVALIDDATA; /* Check OpusSpecificBox version. */
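Review bot: In the changed condition of mov_read_dops(), the new `st->codecpar->extradata` test shares a single `return AVERROR_INVALIDDATA` with the two atom.size bounds, so a stream whose extradata was already set (for example by an earlier dOps box) is rejected with the same silent error as a malformed size. Consider giving it its own `if` with a one-line comment stating that extradata must not be replaced once it has been set, and a log message naming the reason, so the rejection can be told apart from a size failure when triaging a sample. It is also worth confirming that a hard error is the intended outcome here rather than skipping the atom, as the `return 0;` path just above does, since this is a cherry-pick to release/4.4 and changes which inputs the demuxer accepts.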
