Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libavformat/mov.c
diff options
context:
space:
mode:
authorDale Curtis <dalecurtis@chromium.org>2020-05-15 01:31:55 +0300
committerMichael Niedermayer <michael@niedermayer.cc>2020-05-19 18:17:36 +0300
commitd2f5691e96d7a2075cf4b4da4b1bbcd872186ccb (patch)
tree68a3a9f728b9fc81c067c08acc50e1f84dcfd472 /libavformat/mov.c
parent558daf07e50a73228894bb2352753d706c376943 (diff)
avformat/mov: Don't allow negative sample sizes.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2d8d554f15a7a27cfeca81467cc9341a86f784e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavformat/mov.c')
-rw-r--r--libavformat/mov.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index dfa943819f..2e726d3e90 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2872,6 +2872,10 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
for (i = 0; i < entries && !pb->eof_reached; i++) {
sc->sample_sizes[i] = get_bits_long(&gb, field_size);
+ if (sc->sample_sizes[i] < 0) {
+ av_log(c->fc, AV_LOG_ERROR, "Invalid sample size %d\n", sc->sample_sizes[i]);
+ return AVERROR_INVALIDDATA;
+ }
sc->data_size += sc->sample_sizes[i];
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-05 14:45:06 +0300