ffmpeg | branch: release/7.0 | James Almer <jamr...@gmail.com> | Sun Jun 30 23:40:20 2024 -0300| [fbe52bd65c3484806cf5ad56a5fb7a7bd55fc7db] | committer: James Almer
avformat/mov: check extent_offset calculation for overflow Signed-off-by: James Almer <jamr...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbe52bd65c3484806cf5ad56a5fb7a7bd55fc7db --- libavformat/mov.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index a64b89b821..e7673d9469 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -8104,7 +8104,8 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom) } for (int j = 0; j < extent_count; j++) { if (rb_size(pb, &extent_offset, offset_size) < 0 || - rb_size(pb, &extent_length, length_size) < 0) + rb_size(pb, &extent_length, length_size) < 0 || + base_offset > INT64_MAX - extent_offset) return AVERROR_INVALIDDATA; if (offset_type == 1) c->heif_item[i].is_idat_relative = 1; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
