Module: libav Branch: master Commit: a5ea623b364b8a605fc92c973a98cd66cb7e6a5d
Author: Michael Niedermayer <[email protected]> Committer: Luca Barbato <[email protected]> Date: Thu Dec 15 20:51:00 2011 +0100 mov: stsd entries must be at least 16 byte Fix near infinite loop in stsd parsing. Bug found by: Diana Elena Muscalu The size is unsigned according the specification. Signed-off-by: Michael Niedermayer <[email protected]> Signed-off-by: Luca Barbato <[email protected]> --- libavformat/mov.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 09228cb..87c890e 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1098,13 +1098,16 @@ int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries) int dref_id = 1; MOVAtom a = { AV_RL32("stsd") }; int64_t start_pos = avio_tell(pb); - int size = avio_rb32(pb); /* size */ + uint32_t size = avio_rb32(pb); /* size */ uint32_t format = avio_rl32(pb); /* data format */ if (size >= 16) { avio_rb32(pb); /* reserved */ avio_rb16(pb); /* reserved */ dref_id = avio_rb16(pb); + } else { + av_log(c->fc, AV_LOG_ERROR, "invalid size %d in stsd\n", size); + return AVERROR_INVALIDDATA; } if (st->codec->codec_tag && _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
