This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new e392fb8c9c avformat/mov: use 64bit in CENC subsample bounds checks
e392fb8c9c is described below
commit e392fb8c9c3949d975531d2b23c645d2465a7ebc
Author: Michael Niedermayer <[email protected]>
AuthorDate: Tue Feb 24 03:47:15 2026 +0100
Commit: James Almer <[email protected]>
CommitDate: Tue Mar 3 11:49:10 2026 +0000
avformat/mov: use 64bit in CENC subsample bounds checks
Found-by: Quang Luong <[email protected]>
Found-by: PrymEvol
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavformat/mov.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 311aff7d14..396a559fa4 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -8201,7 +8201,7 @@ static int cenc_scheme_decrypt(MOVContext *c,
MOVStreamContext *sc, AVEncryption
}
for (i = 0; i < sample->subsample_count; i++) {
- if (sample->subsamples[i].bytes_of_clear_data +
sample->subsamples[i].bytes_of_protected_data > size) {
+ if (sample->subsamples[i].bytes_of_clear_data +
(int64_t)sample->subsamples[i].bytes_of_protected_data > size) {
av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet
size left\n");
return AVERROR_INVALIDDATA;
}
@@ -8262,7 +8262,7 @@ static int cbc1_scheme_decrypt(MOVContext *c,
MOVStreamContext *sc, AVEncryption
}
for (i = 0; i < sample->subsample_count; i++) {
- if (sample->subsamples[i].bytes_of_clear_data +
sample->subsamples[i].bytes_of_protected_data > size) {
+ if (sample->subsamples[i].bytes_of_clear_data +
(int64_t)sample->subsamples[i].bytes_of_protected_data > size) {
av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet
size left\n");
return AVERROR_INVALIDDATA;
}
@@ -8330,7 +8330,7 @@ static int cens_scheme_decrypt(MOVContext *c,
MOVStreamContext *sc, AVEncryption
}
for (i = 0; i < sample->subsample_count; i++) {
- if (sample->subsamples[i].bytes_of_clear_data +
sample->subsamples[i].bytes_of_protected_data > size) {
+ if (sample->subsamples[i].bytes_of_clear_data +
(int64_t)sample->subsamples[i].bytes_of_protected_data > size) {
av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet
size left\n");
return AVERROR_INVALIDDATA;
}
@@ -8401,7 +8401,7 @@ static int cbcs_scheme_decrypt(MOVContext *c,
MOVStreamContext *sc, AVEncryption
}
for (i = 0; i < sample->subsample_count; i++) {
- if (sample->subsamples[i].bytes_of_clear_data +
sample->subsamples[i].bytes_of_protected_data > size) {
+ if (sample->subsamples[i].bytes_of_clear_data +
(int64_t)sample->subsamples[i].bytes_of_protected_data > size) {
av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet
size left\n");
return AVERROR_INVALIDDATA;
}
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
