From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 13 Feb 2025 12:52:32 -0300
Message-ID: <20250213155232.59-1-jamrial@gmail.com>
Subject: [FFmpeg-devel] [PATCH] avformat/mov: ensure no trun atoms are parsed as children of trak

Fixes: Null-dereference READ
Fixes: 396192874/clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4589309789143040
Signed-off-by: James Almer
---
 libavformat/mov.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c index 85aef33b19..f675929e57 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5097,6 +5097,12 @@ static int sanity_checks(void *log_obj, MOVStreamContext *sc, int index) return 1; } + if (sc->tts_count) { + av_log(log_obj, AV_LOG_ERROR, "stream %d, TRUN atom in TRAK, broken header\n", + index); + return 1; + } + if (sc->stsc_count && sc->stsc_data[ sc->stsc_count - 1 ].first > sc->chunk_count) { av_log(log_obj, AV_LOG_ERROR, "stream %d, contradictionary STSC and STCO\n", index); -- 2.48.1
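Review bot: the new `if (sc->tts_count)` test in sanity_checks() needs a comment, because nothing in the hunk says why a non-zero tts_count at this point means a trun was read inside trak, while the log text asserts exactly that ("TRUN atom in TRAK, broken header"). A short comment naming what fills tts_count and why it must still be zero when sanity_checks() runs would let a reader confirm the condition cannot fire on a valid file. The commit message only names the fuzzer case, so a sentence on which pointer ends up dereferenced as NULL would make the fix reviewable without the test case. The subject also says trun atoms are not parsed as children of trak, but this check detects the situation after tts_count has already been set, so it is worth confirming that the `return 1` path leaves no state from the stray trun behind for later code to use.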