From: Aaron Colwell <acolw...@google.com>
Signed-off-by: James Almer <jamr...@gmail.com>
---
libavformat/mov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5c9f85c..d5de5d6 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3252,7 +3252,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
}
size = avio_rb32(pb);
- if (size > atom.size)
+ if (size <= 12 || size > atom.size)
return AVERROR_INVALIDDATA;
tag = avio_rl32(pb);
@@ -3261,7 +3261,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
return 0;
}
avio_skip(pb, 4); /* version + flags */
- avio_skip(pb, avio_r8(pb)); /* metadata_source */
+ avio_skip(pb, size - 12); /* metadata_source */
size = avio_rb32(pb);
if (size > atom.size)
--
2.10.0
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
