On Fri, Feb 16, 2024 at 01:41:35PM -0800, Dale Curtis wrote: > On Thu, Feb 15, 2024 at 2:35 PM Michael Niedermayer <mich...@niedermayer.cc> > wrote: > > > FFMIN/MAX can evaluate their arguments multiple times so avio_rb32() might > > be executed more than once > > > > Thanks. Good catch. Fixed.
> mov.c | 7 +++++++ > 1 file changed, 7 insertions(+) > 08ba396380cc14f3df2bdd4a638c43c1c521b8fc stco-clamp-entries-v4.patch > From b94e542582e375025c59862cee58ec45d39c9cd6 Mon Sep 17 00:00:00 2001 > From: Dale Curtis <dalecur...@chromium.org> > Date: Fri, 2 Feb 2024 20:49:44 +0000 > Subject: [PATCH] [mov] Avoid OOM for invalid STCO / CO64 constructions. > > The `entries` value is read directly from the stream and used to > allocate memory. This change clamps `entries` to however many are > possible in the remaining atom or file size (whichever is smallest). > > Fixes https://crbug.com/1429357 > > Signed-off-by: Dale Curtis <dalecur...@chromium.org> > --- > libavformat/mov.c | 7 +++++++ > 1 file changed, 7 insertions(+) will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB It is a danger to trust the dream we wish for rather than the science we have, -- Dr. Kenneth Brown
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
