From: Aaron Colwell <[email protected]>
Signed-off-by: James Almer <[email protected]>
---
libavformat/mov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2810960..4a6f9c0 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3255,7 +3255,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
return 0;
}
avio_skip(pb, 4); /* version + flags */
- avio_skip(pb, avio_r8(pb)); /* metadata_source */
+ avio_skip(pb, size - 12); /* metadata_source */
size = avio_rb32(pb);
if (size > atom.size)
@@ -3268,7 +3268,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
}
size = avio_rb32(pb);
- if (size > atom.size)
+ if (size <= 12 || size > atom.size)
return AVERROR_INVALIDDATA;
tag = avio_rl32(pb);
--
2.10.0
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
