[FFmpeg-devel] [PATCH] mov: Fix spherical metadata_source parsing.

James Almer jamrial at gmail.com
Sat Jan 28 03:53:37 EET 2017


On 1/27/2017 2:44 PM, Aaron Colwell wrote:
> The metadata_source field is a null-terminated string, like other ISOBMFF
> strings, not an 8-bit length followed by string characters. This patch
> fixes the parsing code so it rejects svhd boxes that are too small and
> skips to the end of the svhd box since we don't actually care about the
> contents of the
> metadata_source field.
> 
> 
> 0001-mov-Fix-spherical-metadata_source-parsing.patch
> 
> 
> From f63f65135e7059376acff3acc0e5268a8861d21d Mon Sep 17 00:00:00 2001
> From: Aaron Colwell <acolwell at google.com>
> Date: Fri, 27 Jan 2017 09:33:29 -0800
> Subject: [PATCH] mov: Fix spherical metadata_source parsing.
> 
> The metadata_source field is a null-terminated string, like other ISOBMFF strings,
> not an 8-bit length followed by string characters. This patch fixes the parsing
> code so it rejects svhd boxes that are too small and skips to the end of the svhd
> box since we don't actually care about the contents of the
> metadata_source field.
> ---
>  libavformat/mov.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 7dc550eb99..b1bfa0a35f 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -4566,7 +4566,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>      }
>  
>      size = avio_rb32(pb);
> -    if (size > atom.size)
> +    if (size <= 12 || size > atom.size)
>          return AVERROR_INVALIDDATA;
>  
>      tag = avio_rl32(pb);
> @@ -4575,7 +4575,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>          return 0;
>      }
>      avio_skip(pb, 4); /*  version + flags */
> -    avio_skip(pb, avio_r8(pb)); /* metadata_source */
> +    avio_skip(pb, size - 12); /* metadata_source */
>  
>      size = avio_rb32(pb);
>      if (size > atom.size)
> -- 2.11.0.483.g087da7b7c-goog

Pushed, thanks.



More information about the ffmpeg-devel mailing list