[FFmpeg-devel] [PATCH]lavf/mov: Do not overread iTunes metadata

Carl Eugen Hoyos cehoyos at ag.or.at
Sat Apr 4 06:34:32 CEST 2015


On Saturday 04 April 2015 06:25:36 am Carl Eugen Hoyos wrote:
> Hi!
>
> Attached patch fixes ticket #4425 for me.

New patch attached that does not break fate.

Carl Eugen
-------------- next part --------------
diff --git a/libavformat/mov.c b/libavformat/mov.c
index dc31e5a..eda9d42 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -342,7 +342,7 @@ retry:
     if (c->itunes_metadata && atom.size > 8) {
         int data_size = avio_rb32(pb);
         int tag = avio_rl32(pb);
-        if (tag == MKTAG('d','a','t','a')) {
+        if (tag == MKTAG('d','a','t','a') && atom.size >= 16) {
             data_type = avio_rb32(pb); // type
             avio_rb32(pb); // unknown
             str_size = data_size - 16;
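Review bot: The added `atom.size >= 16` test in the `'data'` branch bounds the atom, but `str_size = data_size - 16` is still computed from `data_size`, which is read straight from the file with `avio_rb32(pb)` and is not compared against either 16 or `atom.size` in the lines shown. A file can declare a 16-byte atom while carrying a `data_size` smaller than 16 (giving a negative `str_size` in an `int`) or far larger than the atom. Unless code below this hunk already clamps `str_size`, consider validating `data_size` in the same condition, for example requiring `data_size >= 16 && data_size <= atom.size`, so the length used for the string read is tied to the atom that was actually bounds-checked. A short comment on why 16 (8 bytes of size and tag plus 8 bytes of type and the unknown field) would also help the next reader.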

