[FFmpeg-devel] [PATCH] avformat/mov: prevent excessive allocation in mov_read_udta_string

Sanjay Jangid Wed, 30 Jul 2025 04:40:58 -0700

Signed-off-by: Sanjay Jangid <sanjayjangid...@gmail.com>
---
libavformat/mov.c | 4 ++++
1 file changed, 4 insertions(+)


diff --git a/libavformat/mov.c b/libavformat/mov.c
index c935bbf..725a9fa 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -459,6 +459,10 @@ retry:
            data_type = avio_rb32(pb); // type
            avio_rb32(pb); // unknown
            str_size = data_size - 16;
+            if (str_size >= INT_MAX / 2) {
+                 av_log(c->fc, AV_LOG_ERROR, "str_size is too large\n");
+                 return AVERROR_INVALIDDATA;
+             }
            atom.size -= 16;

            if (!key && c->found_hdlr_mdta && c->meta_keys) {
-- 
2.50.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH] avformat/mov: prevent excessive allocation in mov_read_udta_string

Reply via email to