On Tue, May 29, 2018 at 02:35:23PM +0000, Eran Kornblau wrote: > Hi, > > The attached patch fixes a couple of input validation issues in fast start > that I noticed while going over the code > > Thanks > > Eran
> qt-faststart.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > 1dad4dfcdd67328ed163440550917a3f8fdcb40d > 0001-qt-faststart-stricter-input-validations.patch > From 26ef40268fce426eea608400f81cf2e4d413fca5 Mon Sep 17 00:00:00 2001 > From: erankor <eran.kornb...@kaltura.com> > Date: Tue, 29 May 2018 16:18:05 +0300 > Subject: [PATCH 1/2] qt-faststart - stricter input validations > > 1. validate the moov size before checking for cmov atom > 2. avoid performing arithmetic operations on unvalidated numbers > 3. verify the stco/co64 offset count does not overflow the stco/co64 > atom (not only the moov atom) > --- > tools/qt-faststart.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB When you are offended at any man's fault, turn to yourself and study your own failings. Then you will forget your anger. -- Epictetus
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel