From 36ea3c1bf7afe91da310ee7a5b28e3e2d3f2d04c Mon Sep 17 00:00:00 2001
From: erankor <eran.kornblau@kaltura.com>
Date: Wed, 13 Jun 2018 11:48:20 +0300
Subject: [PATCH] qt-faststart: add validation on ftyp atom size

avoid trying to allocate an unreasonably sized buffer on corrupt files
---
 tools/qt-faststart.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/qt-faststart.c b/tools/qt-faststart.c
index 40eb3fcfc8..07813ae35c 100644
--- a/tools/qt-faststart.c
+++ b/tools/qt-faststart.c
@@ -99,6 +99,7 @@
 
 #define ATOM_PREAMBLE_SIZE    8
 #define COPY_BUFFER_SIZE   33554432
+#define MAX_FTYP_ATOM_SIZE 1048576
 
 typedef struct {
     uint32_t type;
@@ -471,6 +472,11 @@ int main(int argc, char *argv[])
 
         /* keep ftyp atom */
         if (atom_type == FTYP_ATOM) {
+            if (atom_size > MAX_FTYP_ATOM_SIZE) {
+                printf("ftyp atom size %"PRIu64" too big\n",
+                       atom_size);
+                goto error_out;
+            }
             ftyp_atom_size = atom_size;
             free(ftyp_atom);
             ftyp_atom = malloc(ftyp_atom_size);
-- 
2.16.2.windows.1