[SCM] libav/experimental: qt-faststart: Check offset_count before reading from the moov_atom buffer
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Aug 10 16:01:46 UTC 2014
The following commit has been merged in the experimental branch:
commit bb95334c34d0d9abccea370ae25c4765d7764ab8
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Thu Dec 13 15:07:20 2012 +0100
qt-faststart: Check offset_count before reading from the moov_atom buffer
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
diff --git a/tools/qt-faststart.c b/tools/qt-faststart.c
index 5c511a0..792c272 100644
--- a/tools/qt-faststart.c
+++ b/tools/qt-faststart.c
@@ -239,6 +239,10 @@ int main(int argc, char *argv[])
goto error_out;
}
offset_count = BE_32(&moov_atom[i + 8]);
+ if (i + 12 + offset_count * UINT64_C(4) > moov_atom_size) {
+ printf(" bad atom size/element count\n");
+ goto error_out;
+ }
for (j = 0; j < offset_count; j++) {
current_offset = BE_32(&moov_atom[i + 12 + j * 4]);
current_offset += moov_atom_size;
@@ -256,6 +260,10 @@ int main(int argc, char *argv[])
goto error_out;
}
offset_count = BE_32(&moov_atom[i + 8]);
+ if (i + 12 + offset_count * UINT64_C(8) > moov_atom_size) {
+ printf(" bad atom size/element count\n");
+ goto error_out;
+ }
for (j = 0; j < offset_count; j++) {
current_offset = BE_64(&moov_atom[i + 12 + j * 8]);
current_offset += moov_atom_size;
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list