[FFmpeg-devel] [PATCH]lavf/mov: Do not overread iTunes metadata

Carl Eugen Hoyos Fri, 03 Apr 2015 21:26:20 -0700

Hi!

Attached patch fixes ticket #4425 for me.


Please comment, Carl Eugen

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dc31e5a..8a4b739 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -342,7 +342,7 @@ retry:
     if (c->itunes_metadata && atom.size > 8) {
         int data_size = avio_rb32(pb);
         int tag = avio_rl32(pb);
-        if (tag == MKTAG('d','a','t','a')) {
+        if (tag == MKTAG('d','a','t','a') && data_size < atom.size - 8) {
             data_type = avio_rb32(pb); // type
             avio_rb32(pb); // unknown
             str_size = data_size - 16;

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH]lavf/mov: Do not overread iTunes metadata

Reply via email to