On Fri, Feb 16, 2024 at 01:41:35PM -0800, Dale Curtis wrote:
> On Thu, Feb 15, 2024 at 2:35 PM Michael Niedermayer <michael@niedermayer.cc>
> wrote:
> 
> > FFMIN/MAX can evaluate their arguments multiple times so avio_rb32() might
> > be executed more than once
> >
> 
> Thanks. Good catch. Fixed.

>  mov.c |    7 +++++++
>  1 file changed, 7 insertions(+)
> 08ba396380cc14f3df2bdd4a638c43c1c521b8fc  stco-clamp-entries-v4.patch
> From b94e542582e375025c59862cee58ec45d39c9cd6 Mon Sep 17 00:00:00 2001
> From: Dale Curtis <dalecurtis@chromium.org>
> Date: Fri, 2 Feb 2024 20:49:44 +0000
> Subject: [PATCH] [mov] Avoid OOM for invalid STCO / CO64 constructions.
> 
> The `entries` value is read directly from the stream and used to
> allocate memory. This change clamps `entries` to however many are
> possible in the remaining atom or file size (whichever is smallest).
> 
> Fixes https://crbug.com/1429357
> 
> Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
> ---
>  libavformat/mov.c | 7 +++++++
>  1 file changed, 7 insertions(+)

will apply

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is a danger to trust the dream we wish for rather than
the science we have, -- Dr. Kenneth Brown