From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 1C36449AF0
	for <ffmpegdev@gitmailbox.com>; Tue,  2 Apr 2024 03:18:27 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 12D2368D0E8;
	Tue,  2 Apr 2024 06:18:13 +0300 (EEST)
Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com
 [209.85.215.177])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9A75268D0AF
 for <ffmpeg-devel@ffmpeg.org>; Tue,  2 Apr 2024 06:18:06 +0300 (EEST)
Received: by mail-pg1-f177.google.com with SMTP id
 41be03b00d2f7-53fbf2c42bfso3656173a12.3
 for <ffmpeg-devel@ffmpeg.org>; Mon, 01 Apr 2024 20:18:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1712027884; x=1712632684; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=zDwqXl+boUZrg4F/SbBktHSnWtDWuEr7IVcjxIf+3VE=;
 b=RpYbjVnB6doJoy1NWMpdzabciHIY1E9XP5uXX6L4D7kSV0gbwjFRxvwWeU9e5JZVZc
 zQtC7qLCEQy2Xjo1vYrLs1uI1LQElsMjPzTaepjEe5mN9vC2RjIBIJkyq8w0Jhu3cdvG
 1x+JqlQO23yRdGZHu3BkXcllR2u0JYLyF/5s2AzgX0TbDGjCb2+pKI/yLc1ylNjeu2hR
 MCxiboJ82mf026yxxhf3dGYoeWRbAWBRc+U1jiQrC1uYE9ylJ4X6lc65msmOrnDuyxS0
 opjOZjijyvY3InbKLKgXoZSotAVrC22Q9Cja1YquZrRnC21nrNNXsqvbUPS9c3CjH9mw
 4nCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1712027884; x=1712632684;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=zDwqXl+boUZrg4F/SbBktHSnWtDWuEr7IVcjxIf+3VE=;
 b=QUUZIXhxBZ/pirxRsXeZWc2aLOSMVDQERseVzGw3rhp3MF6wWFn13RcPD3lkbOxxFS
 yPgQ8enFfqj0Wjl41R39/6oELuF/xPfshBDF8KmP5Dr1RVxvza5tAGlrnShu71adgVNE
 9Bzo9Dtz5fdOo0/0nc9+CvYQKFTpMi3exeZC5L+0M7QbvHTzv8dhYaUl1XXprkSxU/+j
 YiPnT2sbWiuCd60oZqJje7dmOuJxBo4OP/62Gt6VAplCmRvlZvHR2MzTBd2f75BxCTyK
 5H51ZVfu3KCbdiRqbPdzJCqR4HT/QTF5y4/vV+D+f7H+dKDB96GX0atmQZSAfhstWGkg
 EnVw==
X-Gm-Message-State: AOJu0YxSDJ+VH5gkA2wlw5L98elENOR/xwB0OaLzXARqcaZsMidrHB87
 rBrRunVGHPP0/3cPnnxBwHWtMGOC6+IY6JmG04HobKFkms5/fW0+cy5HI4pG
X-Google-Smtp-Source: AGHT+IGjl2OUrKWTU2hfFHS1JXGTdbuhoTupyqCAMB2vAmm+GKdqKkWGuj1dGmuLXmlv0tnzmhYM1w==
X-Received: by 2002:a17:902:7847:b0:1e0:1bff:59e2 with SMTP id
 e7-20020a170902784700b001e01bff59e2mr11195601pln.39.1712027884129; 
 Mon, 01 Apr 2024 20:18:04 -0700 (PDT)
Received: from localhost.localdomain ([190.194.167.233])
 by smtp.gmail.com with ESMTPSA id
 g12-20020a170902fe0c00b001e26ba8882fsm408652plj.287.2024.04.01.20.18.03
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 01 Apr 2024 20:18:03 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue,  2 Apr 2024 00:18:00 -0300
Message-ID: <20240402031800.7159-3-jamrial@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240402031800.7159-1-jamrial@gmail.com>
References: <20240402031800.7159-1-jamrial@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 3/3] avformat/mov: fix the entry count
 overflow check in the keys atom
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20240402031800.7159-3-jamrial@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index a935ef7326..9fca402896 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5025,7 +5025,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     avio_skip(pb, 4);
     count = avio_rb32(pb);
     atom.size -= 8;
-    if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) {
+    if (count + 1LL > UINT_MAX / sizeof(*c->meta_keys)) {
         av_log(c->fc, AV_LOG_ERROR,
                "The 'keys' atom with the invalid key count: %"PRIu32"\n", count);
         return AVERROR_INVALIDDATA;
-- 
2.44.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".